New crimeware tool Dendroid makes it easier to create Android malware, researchers warn

Dendroid’s features include deleting call logs and files; calling phone numbers; opening Web pages; recording calls and audio from the microphone; intercepting text messages; taking and uploading photos and videos; opening applications and launching HTTP flood (denial-of-service) attacks for a period of time specified by the attacker.

Dendroid is not the first Android RAT, but it is one of the most sophisticated seen to date.

via New crimeware tool Dendroid makes it easier to create Android malware, researchers warn | ITworld.
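The capability list above maps fairly directly onto Android permissions an app must declare, which makes the manifest a cheap first triage point for a defender. The following is an added example, not code from the article or from the researchers it cites; the capability-to-permission mapping is our own heuristic assumption, and the two manifests are constructed samples.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Heuristic mapping from the capabilities listed in the excerpt to the Android
# permissions an app would normally need for them. This mapping is an assumption
# made for triage here, not a rule taken from the researchers' report.
CAPABILITY_PERMISSIONS = {
    "intercept text messages": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "record audio / calls": {"android.permission.RECORD_AUDIO"},
    "delete call logs": {"android.permission.WRITE_CALL_LOG"},
    "place phone calls": {"android.permission.CALL_PHONE"},
    "take photos / videos": {"android.permission.CAMERA"},
    "network upload / HTTP flood": {"android.permission.INTERNET"},
}


def declared_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    name_attr = "{%s}name" % ANDROID_NS  # attributes are namespaced, element tags are not
    return {el.get(name_attr) for el in root.iter("uses-permission") if el.get(name_attr)}


def matched_capabilities(perms):
    """Return the capabilities whose complete permission set is declared."""
    return sorted(cap for cap, needed in CAPABILITY_PERMISSIONS.items() if needed <= perms)


def triage(manifest_xml, threshold=4):
    """Score a decoded manifest; 'flag' is only a prompt for deeper analysis,
    since legitimate messaging or dialer apps also hold several of these."""
    perms = declared_permissions(manifest_xml)
    caps = matched_capabilities(perms)
    return {"permissions": perms, "capabilities": caps,
            "score": len(caps), "flag": len(caps) >= threshold}


# Constructed sample: a "flashlight" app declaring the whole RAT-like set.
SUSPECT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.WRITE_CALL_LOG"/>
  <application android:label="Flashlight"/>
</manifest>"""

# Constructed sample: a benign app that only talks to the network.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.weather">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <application android:label="Weather"/>
</manifest>"""

if __name__ == "__main__":
    for name, manifest in (("suspect", SUSPECT_MANIFEST), ("benign", BENIGN_MANIFEST)):
        result = triage(manifest)
        print(name, result["score"], result["flag"], result["capabilities"])
```

The manifest text is what tools such as apktool or aapt emit after decoding the binary AndroidManifest.xml; the score counts how many of the listed capabilities are fully enabled by the declared permissions, and the threshold is a tuning knob, not a verdict.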

Stanford team tries for zippier Wi-Fi in crowded buildings

Meanwhile, the underlying tasks of assigning client devices to particular channels and access points are centrally controlled to make the best use of the infrastructure. Where separately owned and managed APs may make poor use of the unlicensed frequencies available in the building, the centrally controlled network can use its universal view to arrange the resources most efficiently.

via Stanford team tries for zippier Wi-Fi in crowded buildings – Network World.

Apple loses bid for U.S. ban on Samsung smartphone sales

A U.S. judge on Thursday rejected Apple’s request for a permanent sales ban in the United States against some older Samsung smartphones, a key setback for the iPhone maker in its global patent battle.

U.S. District Judge Lucy Koh in San Jose, California, ruled that Apple Inc had not presented enough evidence to show that its patented features were a significant enough driver of consumer demand to warrant an injunction.

via Apple loses bid for U.S. ban on Samsung smartphone sales – chicagotribune.com.

No the Internet is not a ‘value tree’

Projects like Wikipedia, uses such as text and data mining, online access to cultural heritage and educational resources, and transformative use of the Internet do not follow the same logic as the traditional content industry value chains. Here limited user rights and long terms of protection become problematic and increased enforcement translates into chilling effects.

At the same time all of these types of uses are exactly what makes the Internet special and drives its potential to accelerate innovation and to democratize access to knowledge, tools and culture. The Internet is the first mass medium that is simultaneously enabling market driven uses, uses that are driven by public policy objectives (such as education or access to culture), and uses driven by people’s desire to create, collaborate and contribute to the commons.

via Kennisland : No the Internet is not a ‘value tree’.

SSL TLS HTTPS Web Server Certificate Fingerprints

Public and Private keys form cryptographically matched pairs. It is not feasible to derive one from the other, yet what one encrypts only the matching other can decrypt. Website SSL security certificates provide the site’s Public cryptographic key which is the public side of the server’s secret Private cryptographic key which is never publicly disclosed. Only the certificate’s public key can be used to encrypt data which the remote server can decrypt only using its matching private key. Since the SSL Proxy Appliance does not have the private key of the remote server—because only the remote server has it—the fake & fraudulent certificate the SSL Proxy provides to the user’s web browser is forced to use a different public key for which it does have a matching private key. And that means that no matter how hard any SSL-intercepting Proxy Appliance may try to spoof and fake any other server’s certificate, the certificate’s public key MUST BE DIFFERENT.

via GRC | SSL TLS HTTPS Web Server Certificate Fingerprints

The remote server’s REAL certificate and the SSL Appliance’s FAKED certificate MUST HAVE AND WILL HAVE radically different fingerprints. They will not be remotely similar.
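A certificate fingerprint is simply a hash over the whole DER-encoded certificate, and the DER includes the SubjectPublicKeyInfo, so a proxy certificate carrying a different public key cannot reproduce the real server’s fingerprint. The code below is an added example (not GRC’s code) that computes SHA-1 and SHA-256 fingerprints in the colon-separated form browsers display and compares one against a fingerprint recorded out of band. The two "certificates" are constructed byte strings that stand in for DER, identical except for the key field; they are not parseable certificates. `fetch_fingerprint` needs a network connection and is only there to show the real-world call.

```python
import hashlib
import hmac
import ssl


def fingerprint(cert, algo="sha256"):
    """Return the hex fingerprint of a certificate as 'AB:CD:...'.

    Accepts DER bytes or PEM text (as returned by ssl.get_server_certificate()).
    """
    if isinstance(cert, str):
        cert = ssl.PEM_cert_to_DER_cert(cert)
    digest = hashlib.new(algo, cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches_pin(cert, expected, algo="sha256"):
    """Constant-time comparison against a fingerprint noted out of band.

    Colons, spaces and letter case are ignored so a value copied from a
    browser dialog or a printed list compares correctly.
    """
    def normalize(s):
        return s.replace(":", "").replace(" ", "").upper()
    return hmac.compare_digest(normalize(fingerprint(cert, algo)), normalize(expected))


def fetch_fingerprint(host, port=443, algo="sha256"):
    """Fingerprint of the leaf certificate the current network path presents.

    Network access required; behind an intercepting proxy this value differs
    from the one the real server presents on a clean connection.
    """
    pem = ssl.get_server_certificate((host, port))
    return fingerprint(pem, algo)


# Constructed stand-ins for DER certificates (not real, not parseable).
# Same subject and issuer text; only the key field differs, as it must when
# an interception appliance substitutes a key it holds the private half of.
_COMMON = b"CONSTRUCTED-CERT|subject=www.example.com|issuer=Example CA|spki="
REAL_CERT_DER = _COMMON + bytes(range(0, 64)) + b"|sig=real"
PROXY_CERT_DER = _COMMON + bytes(range(64, 128)) + b"|sig=proxy"
# PEM form of the same bytes, to show the PEM path gives the same answer.
REAL_CERT_PEM = ssl.DER_cert_to_PEM_cert(REAL_CERT_DER)

if __name__ == "__main__":
    known = fingerprint(REAL_CERT_DER)  # what you recorded on a clean connection
    print("real  sha256:", known)
    print("proxy sha256:", fingerprint(PROXY_CERT_DER))
    print("real  sha1  :", fingerprint(REAL_CERT_DER, "sha1"))
    print("proxy matches recorded pin:", matches_pin(PROXY_CERT_DER, known))
```

SHA-1 fingerprints (what the GRC page shows) are still fine for this comparison because the question is equality with a known value, not collision resistance against an adversary who controls both certificates; recording the SHA-256 value as well costs nothing.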

A Patent on Seven Simple Lines of Code

Basically, you look in one person’s account to see if there is enough money to make a transfer, and if there is, you transfer the money. I’ll bet you’ve done that before.

In fact, here’s the whole program:

10 LET account1 = 200.00
20 LET account3 = 300.00
30 INPUT "Value to exchange for transaction"; exchange
40 IF account1 < exchange THEN PRINT "Inadequate value": STOP
50 account1 = account1 - exchange
60 account3 = account3 + exchange
70 PRINT "Instruction to 1st institution: adjust 2nd account by "; -exchange

This implementation demonstrates that Alice’s patented invention requires only seven simple lines of code, not complex programming or specially designed hardware.

via A Patent on Seven Simple Lines of Code – Public Knowledge.

No, I Don’t Trust You! — One of the Most Alarming Internet Proposals I’ve Ever Seen

The technical details get very complicated very quickly, but what it all amounts to is simple enough. The proposal expects Internet users to provide “informed consent” that they “trust” intermediate sites (e.g. Verizon, AT&T, etc.) to decode their encrypted data, process it in some manner for “presumably” innocent purposes, re-encrypt it, then pass the re-encrypted data along to its original destination.

via Lauren Weinstein’s Blog: No, I Don’t Trust You! — One of the Most Alarming Internet Proposals I’ve Ever Seen.

In essence it’s a kind of sucker bait. Average users could easily believe they were “kinda sorta” doing traditional SSL but they really wouldn’t be, ’cause the ISP would have access to their unencrypted data in the clear. And as the proposal itself suggests, it would take significant knowledge for users to understand the ramifications of this — and most users won’t have that knowledge.

This editorial illustrates that man-in-the-middle (MITM) attacks cannot happen without user consent. This blogger fears that ISPs will require consent for all SSL sessions, making all users’ end-to-end encryption vulnerable to a “trusted” proxy. Here is an excerpt from the draft.

From the IETF draft: Explicit Trusted Proxy in HTTP/2.0 (draft-loreto-httpbis-trusted-proxy20-01)

This document describes two alternative methods for a user agent to automatically discover, and for a user to provide consent for, a Trusted Proxy to be securely involved when he or she is requesting an HTTP URI resource over HTTP2 with TLS. The consent is supposed to be per network access. The draft also describes the role of the Trusted Proxy in helping the user to fetch HTTP URI resources when the user has provided consent to the Trusted Proxy to be involved.

The consent is supposed to be on a per-network (or destination) basis, which means there may be a reason the user agent will want to use a trusted proxy — perhaps they do not trust the destination network. The blogger implies ISPs will want blanket consent over all destinations, which 1) they could implement now without this standard and 2) would not make for a good PR move, because it would not go unnoticed.

Battery-free technology brings gesture recognition to all devices

The researchers built a small sensor that can be placed on an electronic device such as a smartphone. The sensor uses an ultra-low-power receiver to extract and classify gesture information from wireless transmissions around us. When a person gestures with the hand, it changes the amplitude of the wireless signals in the air. The AllSee sensors then recognize unique amplitude changes created by specific gestures.

via Battery-free technology brings gesture recognition to all devices | UW Today.

Munich opts for open source groupware from Kolab

The Kolab groupware system that was originally developed for the German Federal Office for Information Security (BSI) will be employed as part of Munich’s MigMak project, an abbreviation used by the city to describe the migration of its mail and calendar system, Kolab said. The system is to be provided as completely open-source technology, including the necessary professional support, it added.

All the city’s LiMux PCs and the remaining Windows PCs will be using the Kolab Desktop Client in combination with the Kolab web client based on Kolab Enterprise 13, it said.

via Munich opts for open source groupware from Kolab | ITworld.

From Kolab’s web site:

What is Kolab?
Kolab is a secure, scalable and reliable groupware server. It is formed by a number of well-known and proven components for the standard tasks such as E-Mail, Directory and Web Service.

Cellular’s open source future is latched to tallest tree in the village

And that network runs on open source. OpenBTS, an all-software cellular transceiver, is at the heart of the network running on that box attached to a treetop. Someday, if those working with the technology have their way, it could do for mobile networks what TCP/IP and open source did for the Internet. The dream is to help mobile break free from the confines of telephone providers’ locked-down spectrum, turning it into a platform for the development of a whole new range of applications that use spectrum “white space” to connect mobile devices of every kind. It could also democratize telecommunications around the world in unexpected ways. Startup Range Networks, the company that developed the open-source software powering the network, has much bigger plans for the technology. It wants to adapt the transceiver to use unlicensed spectrum for small-scale cellular networks all over the world without the need to depend on the generosity of incumbent telecom providers or government regulators.

via Cellular’s open source future is latched to tallest tree in the village | Ars Technica.

OpenBTS is a Unix-based software package that connects to a software-defined radio. On the radio side, it uses the GSM air interface used globally by 2G and 2.5G cellular networks, which makes it compatible with most 2G and 3G handsets. On the backend, it uses a Session Initiation Protocol (SIP) “soft-switch” or a software-based private branch exchange (PBX) server to route calls, so it can be integrated with VoIP phone systems.