Malware Posing as Official Google Play App Found in….Official Google Play Store

When you click on it, the app asks for administrator privileges of the device. Once opened, the sole user interface FireEye observed for the app contains pop-ups saying “Program Error” and “It’s Deleted!” when translated to English from Korean.

via Malware Posing as Official Google Play App Found in….Official Google Play Store.

These exploits usually require the user to approve of something first.

The app captures text messages, security certificates and banking details which it then sends to a Gmail address included in the malware – an email address which Google has now terminated.

B.C. Court Orders Google To Remove Websites From its Worldwide Index

The implications are enormous since if a Canadian court has the power to limit access to information for the globe, presumably other courts would as well. While the court does not grapple with this possibility, what happens if a Russian court orders Google to remove gay and lesbian sites from its database? Or if Iran orders it to remove Israeli sites from the database? The possibilities are endless since local rules of freedom of expression often differ from country to country. Yet the B.C. court adopts the view that it can issue an order with global effect.

via Michael Geist – Global Deletion Orders? B.C. Court Orders Google To Remove Websites From its Worldwide Index.

It’s Time For a Hard Bitcoin Fork

GHash is in a position to exercise complete control over which transactions appear on the blockchain and which miners reap mining rewards. They could keep 100% of the mining profits to themselves if they so chose. Bitcoin is currently an expensive distributed database under the control of a single entity, albeit one that requires constantly burning energy to maintain — worst of all worlds.

via It’s Time For a Hard Bitcoin Fork :: Hacking, Distributed.

Vigilant Solutions National Vehicle Location Service

The largest pool of data is that harvested by Vigilant from commercial sources, most notably, Vigilant’s subsidiary, DRN (Digital Recognition Network). This pool of LPR data totals over 1.8 billion detections and grows at a rate of almost 70 million per month. This data is available via an annual subscription and greatly enhances an agency’s investigative reach.

via Vigilant Solutions National Vehicle Location Service.

Microsoft demos breakthrough in real-time translated conversations

Skype Translator results from decades of work by the industry, years of work by our researchers, and now is being developed jointly by the Skype and Microsoft Translator teams. The demo showed near real-time audio translation from English to German and vice versa, combining Skype voice and IM technologies with Microsoft Translator, and neural network-based speech recognition.

via Microsoft demos breakthrough in real-time translated conversations – The Official Microsoft Blog – Site Home – TechNet Blogs.

EU Set to Probe Ireland’s Tax Arrangements with Apple

Ireland’s taxation laws allow multinationals to set up subsidiaries that effectively turn them into stateless entities whose revenues are subject to no jurisdiction. It’s the definition of entirely legal tax avoidance, and Apple has been among the most successful companies in routing much of its international revenues and earnings through its Irish subsidiaries.

via EU Set to Probe Ireland’s Tax Arrangements with Apple – The Mac Observer.

How Amazon got a patent on white-background photography

The problem is not with the examiners, but with the law that governs that examination. That law makes it possible to get patents on ideas that any ordinary person would find old, well-known, and obvious.

via How Amazon got a patent on white-background photography | Ars Technica.

The result in Hear-Wear explains the result in the Studio Arrangement patent application. In both cases, the inventive idea, embodied in the independent claim, was shown to be old and well-known by a prior art reference. And in both cases, a seemingly trivial add-on feature in a dependent claim ended up being the feature that tipped the balance from obvious to nonobvious—a multi-pronged plug in one, and a distance ratio in the other. Because in both cases, that trivial feature was so ordinary that no one would have taken the time to describe it in a printed publication, but without such a publication, according to the Federal Circuit’s rules, obviousness cannot be proved.

This, in my view, is why the examiner did not even attempt to reject claim 3. A distance ratio may seem trivial, unimportant, or uninventive, but absent a written prior art reference, that distance ratio can sustain a whole patent claim. However obvious such an element may sound, it remains nonobvious according to the letter of the law, and that is all that is needed for the patent application to leave the examiner’s desk and move to allowance.

NASA Beams “Hello, World!” Video from Space via Laser

Optical communication tools like OPALS use focused laser energy to reach data rates between 10 and 1,000 times higher than current space communications, which rely on radio portions of the electromagnetic spectrum.

Because the space station orbits Earth at 17,500 mph, transmitting data from the space station to Earth requires extremely precise targeting. The process can be equated to a person aiming a laser pointer at the end of a human hair 30 feet away and keeping it there while walking.

via NASA Beams “Hello, World!” Video from Space via Laser | NASA.

Dan Farmer Presents Research on IPMI Vulnerabilities

IPMI runs regardless of the underlying operating system and operates on UDP port 623 through a server’s network port or its own Ethernet port. It runs continuously, Farmer said, unless the plug is literally pulled. Moore’s scan pulled up 230,000 responses over port 623, an admittedly tiny slice of the overall number of implementations. Yet Farmer concludes that 90 percent of BMCs running IPMI could be compromised because of default or weak passwords or weaknesses in the protocol, not only implicating the host server but others in the same management group because, as he discovered, some vendors share common passwords.

via Dan Farmer Presents Research on IPMI Vulnerabilities | Threatpost | The first stop for security news.

BMC = Baseboard Management Controller, a separate device attached to motherboards for management purposes. This isn’t the first article to point out vulnerabilities in IPMI. It has been noted that IPMI should run on its own intranet and not the public internet. Providing another layer of security to this interface may mitigate any problems. IPMI can’t be any less secure than SNMP.