Discus Systems PLC - IT Support Company in Birmingham, West Midlands
0800 880 3360

Posted by Damien Biddulph on Mon 13th Mar 2017

Image caption: The CIA has not said if the claims are true

Wikileaks has published details of what it says are wide-ranging hacking tools used by the CIA.

The alleged cyber-weapons are said to include malware that targets Windows, Android, iOS, OSX and Linux computers as well as internet routers.

Some of the software is reported to have been developed in-house, but the UK's MI5 agency is said to have helped build a spyware attack for Samsung TVs.

A spokesman for the CIA would not confirm the details.

"We do not comment on the authenticity or content of purported intelligence documents," he said.

Image caption: Whistleblower Edward Snowden has tweeted that the leak appears to be authentic

A spokesman for the UK Home Office was unable to comment.

Wikileaks said that its source had shared the details with it to prompt a debate into whether the CIA's hacking capabilities had exceeded its mandated powers.

Embarrassment factor - Analysis by BBC's security correspondent Gordon Corera

These latest leaks - which appear to give details of highly sensitive technical methods - will be a huge problem for the CIA.

There is the embarrassment factor - that an agency whose job is to steal other people's secrets has not been able to keep their own.

Then there will be the fear of a loss of intelligence coverage against their targets who may change their behaviour because they now know what the spies can do.

And then there will be the questions over whether the CIA's technical capabilities were too expansive and too secret.

Because many of the initial documents point to capabilities targeting consumer devices, the hardest questions may revolve around what is known as the "equities" problem.

This is when you find a vulnerability in a piece of technology: how do you balance the benefit to the public of telling the manufacturer, so they can close it and improve everyone's security, with the benefit to the spy agency of leaving it in place so they can exploit it to collect intelligence?

The NSA has already faced questions about whether it has this balance right when many of its secrets were revealed by Edward Snowden, and now it may be the CIA's turn.

Hacked TVs

The effort to compromise Samsung's F8000 range of smart TVs was codenamed Weeping Angel, according to documents dated June 2014.

They describe the creation of a "fake-off" mode, designed to fool users into believing that their screens had been switched off.

Instead, the documents indicate, infected sets were made to covertly record audio, which would later be transferred over the internet to CIA computer servers once the TVs were fully switched back on, allowing their wi-fi links to re-establish.

Under a "future work" section, it is suggested that video snapshots might also be taken and the wi-fi limitation be overcome.

Image caption: The CIA is alleged to have found a way to listen to conversations that took place close to Samsung TVs

Samsung has not commented on the allegations.

Apple attacks

Wikileaks also claims that as of last year, the CIA has built up an arsenal of 24 Android "zero days" - the term given to previously unknown security flaws in code.

Some of these are said to have been discovered by the CIA, but others were allegedly obtained from the UK's GCHQ agency as well as the NSA and unnamed third parties.

Devices made by Samsung, HTC and Sony, among others, were said to have been compromised as a result, allowing the CIA to read messages on WhatsApp, Signal, Telegram and Weibo among other chat services "before encryption is applied".


Media caption: Former CIA boss: latest leak on Wikileaks has 'made my country less safe'

It is also claimed that a specialised CIA unit was set up to target iPhones and iPads, allowing the agency to see a target's location, activate their device's camera and microphone, and read text communications.

The unit is also reported to have made use of further iOS "zero days" obtained from GCHQ, the NSA and FBI.

"It is longstanding policy that we do not comment on intelligence matters," GCHQ told the BBC.

"Furthermore, all of GCHQ's work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate."

Other claims say the CIA:

  • was trying to find ways to infect vehicles' computer control systems. Wikileaks claims these might have been used for undetectable assassinations
  • had found ways to infect "air-gapped" computers - machines that are not linked up to the internet or other insecure networks. Methods are said to have included hiding data in images or hidden parts of computer storage
  • had developed attacks against popular anti-virus products
  • had built up a library of hacking techniques "stolen" from malware developed in Russia and elsewhere

Wikileaks describes its release as the first in a series of planned leaks about the CIA's cyber-activities, which it refers to as Vault 7.

It added that the material had already circulated among hackers who used to work for the US government as well as contractors in an unauthorised manner.

Analysis: Mark Ward, Technology reporter

Image caption: Wikileaks's founder Julian Assange said there was a cyber-weapon proliferation risk

There is a huge amount of information in the CIA data dump but a lot of it, such as its apparent success in compromising smart TVs, is not that surprising. Lone researchers have managed similar hacks, so smart government agents were always going to be able to go further.

Plus, we kind of know that a lot of the modern internet-of-things gear is broken as all kinds of holes have been found in all kinds of gadgets - including cars.

What's more interesting is the work said to have been done on iPhone and Android handsets. That's because Apple works hard to make sure iOS is secure and Google has made a real effort lately to secure its operating system. For a spy agency, access to those gadgets is key because they travel everywhere with a target.

What is likely to hit the CIA the hardest is losing control of all the zero day exploits and malware detailed in the papers.

It is more than likely that the agency paid millions to build up an arsenal of tools that are guaranteed to work - largely because they are based on flaws, bugs and vulnerabilities that have never been seen before. Operating systems of all stripes are really big haystacks and the information in some of the leaks looks like a good map to all the needles hiding within.

With the zero days now largely burned, the CIA may have to retrench for a while, but it will doubtless have other unused attack tools stored and ready to deploy.

What's potentially more worrying is that as information about the bugs gets out then cybercriminals and other "bad guys" will pile in and use them.

We saw that with the zero days released in the much smaller Hacking Team data breach, and there is much more useful data to be found in this trove.


Source: bbc.co.uk

Posted by Damien Biddulph on Mon 13th Mar 2017

Will become standalone business, but remain part of wider BT Group

Major changes for UK broadband infrastructure market


BT has agreed to turn its Openreach division into a separate business after ongoing pressure from Ofcom and industry rivals. However, BT will still legally be the owner of the company and set the budget Openreach is given each year.

The move marks the end of years of debate and disagreement over how Openreach should be managed, with rivals to BT such as Sky, TalkTalk and Vodafone saying it should be an independent company.

Once the split is completed, Openreach will be a fully independent entity within the wider BT Group that will have sole focus on managing the fibre and copper broadband infrastructure that all broadband providers, including BT Retail, use to deliver services.

Some 32,000 staff from Openreach are expected to move from BT to the independent Openreach and it will be run by a CEO and report to the board that oversees Openreach, separate to BT. It will also have its own logo without any BT branding.

However, as noted, BT will still set the budget for Openreach each year. But it will have no say in how Openreach uses this budget while Openreach must consult with those that it serves such as Sky and TalkTalk before beginning any major infrastructure projects. 

Sharon White, Ofcom chief executive, said the deal was a significant moment for the UK telecoms sector and should lead to improved services for all.

"The new Openreach will be built to serve all its customers equally, working truly independently and taking investment decisions on behalf of the whole industry - not just BT," she said.

"We welcome BT's decision to make these reforms, which means they can be implemented much more quickly. We will carefully monitor how the new Openreach performs, while continuing our work to improve the quality of service offered by all telecoms companies."

Gavin Patterson, BT Chief Executive, said the time was right to make the change as the firm recognised the UK would benefit from a more independent network infrastructure business.

"I believe this agreement will serve the long-term interests of millions of UK households, businesses and service providers that rely on our infrastructure. It will also end a period of uncertainty for our people and support further investment in the UK's digital infrastructure," he said.

"This has been a long and challenging review where we have been balancing a number of competing interests. We have listened to criticism of our business and as a result are willing to make fundamental changes to the way Openreach will work in the future."

One of the big hopes of an independent Openreach is that it will be able to put more money into improving customer services, as Alex Neill, Managing Director of Home Services at Which? noted.

"Millions of people have suffered woeful levels of service from Openreach, so these reforms must lead to significant improvements for customers who have been let down for too long," he said.

"Telecoms are now an essential part of our daily lives, so it's vital that consumers now really do see better phone and broadband services." 

Kester Mann, principal analyst for operators at CCS Insight, said the deal was a real win for Ofcom under Sharon White's leadership and BT's rivals should be pleased with the outcome too.

"Its determination in negotiations with BT under the increasingly impressive stewardship of Sharon White, should be applauded," he said.

"BT's rivals, notably Sky and TalkTalk, will publicly claim that the regulator should have gone further by enforcing a full structural separation.

"However, this option was always the most radical and controversial the regulator could have taken. In private they should be more than satisfied with the changes Ofcom has pushed through."

Source: v3.co.uk

Posted by Damien Biddulph on Mon 13th Mar 2017


Image caption: Sir Tim Berners-Lee said he wants to put "a fair level of data control back in the hands of people"

The inventor of the world wide web, Sir Tim Berners-Lee, has unveiled a plan to tackle data abuse and fake news.

In an open letter to mark the web's 28th anniversary, Sir Tim has set out a five-year strategy amid concerns he has about how the web is being used.

Sir Tim said he wants to start to combat the misuse of personal data, which creates a "chilling effect on free speech".

He also called for tighter regulation of "unethical" political adverts.

The British computer scientist said he wants the people who have helped develop the web with blogs, tweets, photos, videos and web pages to help come up with practical solutions to make a web "that gives equal power and opportunity to all".

Users are often unable to tell outlets what data they would not like shared, Sir Tim said. Terms and conditions were "all or nothing".

Media caption: The misuse of data is a global phenomenon, says Dr Bernie Hogan from the Oxford Internet Institute

Sir Tim said he wants to work with companies to put "a fair level of data control back in the hands of people".

He also expressed concerns that government surveillance is going too far and stopping the web from being used to explore topics such as sensitive health issues, sexuality or religion.

Social media sites and search engines must be encouraged to continue efforts to combat the problem of fake news, Sir Tim said.

However, central bodies deciding what is true or not should be avoided, he added.

Certain algorithms can favour sensationalist information designed to surprise or shock users rather than reflect the truth and can "spread like wildfire", Sir Tim said.

What is fake news?

The arrival of social media - and the fight for clicks - has meant real and fictional stories are presented in such a similar way that it can be hard to tell the two apart.

So-called "fake news" could be false information deliberately circulated by those who have scant regard for the truth but hope to advance particular (often extreme) political causes and make money out of online traffic.

Or it could be false information circulated by journalists who don't realise it's false.

Fake news has become so prevalent that the Commons Culture, Media and Sport Committee is now investigating concerns about the public being swayed by propaganda and untruths.

The committee was spurred by claims that voters in the US election were influenced by fake news, it said.

Pope Francis was reported to have backed Donald Trump's presidency campaign, for example, when he had not made an endorsement.

Meanwhile, Mr Trump himself has used the term fake news to refer to critical stories about his administration, picking out organisations such as CNN and BBC.

Sir Tim advocated transparency so users can understand how web pages appear on their devices and suggested a set of common principles for sites to follow.

And he raised concerns about how online political advertising had become a "sophisticated" industry.

Sir Tim said there were indications some targeted advertising was being used in "unethical ways" to keep voters away from the polls or directing people to fake news sites.

He suggested companies could put subscription payments and small automated charges in place to make money without these types of adverts.

However, despite highlighting issues on the world wide web which he believed need addressing, Sir Tim has admitted the solutions "will not be simple".

Source: bbc.co.uk

Posted by Damien Biddulph on Wed 8th Mar 2017

Should ensure coverage during disasters and remote locations

An EE heli-kite on display at the Oval cricket ground


EE has shown off drones, heli-kites and rapid response vehicles that can provide 4G in remote locations for the emergency services and customers during emergency situations such as floods, to ensure constant connectivity.

The technology was first revealed almost two years ago but was only at the test stage at the time. Since then EE has worked to turn the vehicles into viable systems and has patent pending on the innovations, although the technology powering the services is from other vendors, such as Nokia, Avanti and Uvue.

The heli-kite is perhaps the most impressive of the three pieces of kit that EE will be using. It hovers up to 300 feet in the air and can provide 4G coverage over a 4km circumference. It can be deployed in around an hour, and is tethered to the ground from a solid base.


The tether also provides power to the balloon, and interestingly this is delivered as digital power in the form of packets, lessening the danger if the tether should be cut while in use.

The drone is the fastest deployment option, at 15 minutes, although it has a smaller range at 1km. EE said this would be ideal for short-term coverage, ideally for emergency services teams working in a remote area.

Finally, the rapid response vehicles (RRV) are vans fitted with antennas that can be deployed to quickly provide coverage over a 2km radius. This can be deployed in around 30 minutes and should be in use by the end of the year.



EE has 32 in service and intends to deploy them to various locations around the country to ensure they can be on site and ready to offer connectivity within three hours of a request.

EE said it had seen speeds of between 40-50Mbps in tests of the various kit, saying this underlined how viable the technology can be for providing adequate coverage to the public and the emergency services.

EE acknowledged there are still regulatory hurdles to overcome in ensuring the services can be used as intended, but said it was confident it would have the technology live by the end of the year.

"It's just about clarifying that we can use this for airborne solution," said EE network chief Mansoor Hanif, discussing the heli-kite system.

While emergency services use is the key driver for the technology, EE also said it could be used for coverage at major events.

Dr Nigel Brown, lead for resilient ICT strategy for civil contingencies, secretariat at the Cabinet Office, said the systems being developed would have major benefits to how the emergency services can deal with events.

He cited examples such as flooding at Boscastle in Cornwall in 2004 and the Grayrigg train crash as the types of events that would have benefited the emergency services if they had existed at the time.

"Something like this that could be deployed on sites of major incidents is really exciting, there are some obvious immediate advantages," he added.


Source: v3.co.uk

Posted by Damien Biddulph on Wed 8th Mar 2017


How long could you survive without your phone?

Psychologists have found that the answer is probably only a few minutes - at least among people aged 18 to 26.

In a study, people whose phones were taken away from them were more likely to show "stress behaviour" than those who had their phones on them.

Participants who were given another mobile showed fewer signs of stress too, even though it wasn't their own phone.

Image caption: It didn't take long for people to start showing signs of stress when they were apart from their phones

The comfort from the mobile phone is a substitute for real human interaction, say the researchers.

They even compare it to how a baby can be comforted with a blanket when they are away from their parents.

The study was conducted by scientists from Eötvös Loránd University in Hungary and is published in the journal Computers in Human Behaviour.

Veronika Konok, one of the authors, says: "Objects can be the subject of attachment, like photos of important people, or toys.

"The mobile phone is special because it's not only an important object, but also represents our other social connections."

Image caption: Even another person's phone being nearby reduces stress levels

The study was done with a group of 18 to 26-year-olds, who were filmed and whose heart rates were monitored.

Half of the group had their phones taken away and put in a cupboard.

Each of the 87 participants would sit in a room on their own and be asked to do sums and puzzles on a laptop.

In the three-and-a-half-minute break between activities, those without their phones were more likely to hover around the cupboard where their phone was, and within that time showed signs of stress such as a change in heart rate variability.

Those without phones were also likely to fidget, touch their faces or scratch - all signs of stress, according to the psychologists who ran the experiment.

The subjects were also tested for their reactions to emotive words, and were found to respond more to words to do with separation, for example "break up" and "loss".

Image caption: A phone can act like a comfort blanket - a substitute for human interaction

Veronika adds that she thinks that young people feel a stronger connection with their phones: "Children who use mobile phones in infancy, I think they will be even more attached to it."

Their results might not be that surprising to hear - if you've run out of battery or lost your phone for just a few minutes, you'll know it can get quite stressful.

The fear of being apart from your phone has even got a name - it's called nomophobia, which is an abbreviation of "no-mobile-phone phobia".

It affects about four in five young people, according to some studies.

Source: bbc.co.uk

Posted by Damien Biddulph on Wed 8th Mar 2017


Image caption: Ciaran Martin said hackers were attempting to obtain details of government policy

Britain's security has been threatened by 188 high-level cyber attacks in the last three months, according to a government security chief.

Ciaran Martin, chief executive of the National Cyber Security Centre (NCSC), told the Sunday Times many of the attacks "threatened national security".

Attempts by Russian and Chinese state-sponsored hackers were among those being investigated, he added.

Mr Martin spoke ahead of the official opening of the NCSC in London.

He told the newspaper that attempts on government departments were designed to "extract information on UK government policy on anything from energy to diplomacy to information on a particular sector".

These include alleged hacks similar to those on the US Democratic National Committee, which led to the publication of leaked emails from Hillary Clinton in the run-up to the US election.

US intelligence services have stated the attack was an attempt by the Kremlin to interfere in the presidential election.

Mr Martin said there had been "a step-change in Russian aggression in cyber space" over the last two years.

"Part of that step change has been a series of attacks on political institutions, political parties, parliamentary organisations and that's all very well evidenced by our international partners and widely accepted."

Meanwhile, Chancellor Philip Hammond - a former defence and foreign secretary - said the NCSC had blocked 34,550 "potential attacks" on government departments and members of the public in the last six months - a rate of about 200 a day.

Writing in the Sunday Telegraph, he warned that the "internet revolution" raised the threat of being held to ransom by hackers, the theft of intellectual property and the "shutting down of critical national infrastructure".

Source: bbc.co.uk

Posted by Damien Biddulph on Mon 27th Feb 2017

One, zero, zero, one, zero, one. Zero, one, one…

That is the language of computers. Every clever thing your computer does - make a call, search a database, play a game - comes down to ones and zeroes.

Actually, it comes down to the presence (one) or absence (zero) of a current in tiny transistors on a semiconductor chip.

Thankfully, we do not have to program computers in zeroes and ones.

Microsoft Windows, for example, uses 20GB, or 170 billion ones and zeroes.

Printed out, the stack of A4 paper would be two and a half miles (4km) high.

Imagine setting every transistor manually.

Ignoring how fiddly this would be - transistors measure just billionths of a metre - if it took a second to flip each switch, installing Windows would take 5,000 years.

Find out more

Image caption: Lt Grace Hopper using a new calculating machine invented by Howard Aiken for the US Navy's use during World War Two

50 Things That Made the Modern Economy highlights the inventions, ideas and innovations that have helped create the economic world.

It is broadcast on the BBC World Service. You can find more information about the programme's sources and listen online or subscribe to the programme podcast.

Early computers really were programmed rather like this.

Consider the Automatic Sequence Controlled Calculator, later known as the Harvard Mark 1.

It was a 15m-long (50ft), 2.5m-high concatenation of wheels, shafts, gears and switches.

It contained 530 miles (850km) of wires.

It whirred away under instruction from a roll of perforated paper tape.

If you wanted it to solve a new equation, you had to work out which switches should be on or off, which wires should be plugged in where.

Then, you had to flip all the switches, plug all the wires, and punch all the holes in the paper tape.

Programming it was not just difficult, but involved tedious, repetitive and error-prone manual labour.

Four decades on from the Harvard Mark 1, more compact and user-friendly machines such as the Commodore 64 found their way into schools.

You may remember the childhood thrill of typing this:

  • 10 PRINT "Hello world"
  • 20 GOTO 10

"Hello world" would fill the screen, in chunky, low-resolution text.

You had instructed the computer in words that were recognisably, intuitively human.

It seemed like a minor miracle.

Mathematical brilliance

One reason for computers' astonishing progression since the Mark 1 is certainly ever-tinier components.

But it is also because programmers can write software in human-like language, and have it translated into the ones and zeroes, the currents or not-currents, that ultimately do the work.

The thing that began to make that possible was called a compiler.

And behind the compiler was a woman called Grace Hopper.

Nowadays, there is much discussion about how to get more women into tech.

In 1906, when Grace was born, not many people cared about gender equality.

Fortunately for Grace, her father wanted his daughters to get the same education as his son.

Sent to a good school, Grace turned out to be brilliant at maths.

Her grandfather was a rear admiral, and her childhood dream was to join the US Navy, but girls were not allowed.

Unwieldy contraption

Then, in 1941, the attack on Pearl Harbor dragged America into World War Two.

Male talent was called away.

The US Navy started taking women. Grace signed up at once.

If you are wondering why the navy needs mathematicians, consider aiming a missile.

At what angle and direction should you fire?

The answer depends on many things: target distance, temperature, humidity, wind speed and direction.

These are not complex calculations, but they were time-consuming for a human "computer" armed only with pen and paper.

As Lt (junior grade) Hopper graduated from midshipmen's school in 1944, the navy was intrigued by the potential of an unwieldy machine recently devised by Harvard professor Howard Aiken - the Mark 1.

The navy sent Lt Hopper to help Prof Aiken work out what it could do.

Image caption: Grace Hopper with Howard Aiken (middle, bottom row) and the rest of the Harvard Mark 1 computer team in 1944

Prof Aiken was not thrilled to have a female join the team, but Lt Hopper impressed him enough that he asked her to write the operating manual.

This involved plenty of trial and error.

More often than not, the Mark 1 would grind to a halt soon after starting - and there was no user-friendly error message.

Once, it was because a moth had flown into the machine - that gave us the modern term "debugging".

More often, the bug was metaphorical - a wrongly flipped switch, a mispunched hole in the paper tape.

The detective work was laborious and dull.

Lt Hopper and her colleagues started filling notebooks with bits of tried-and-tested, re-useable code.

By 1951, computers had advanced enough to store these chunks - called "subroutines" - in their own memory systems.

By then, Grace was working for a company called Remington Rand.

She tried to persuade her employers to let programmers call up these subroutines in familiar words - to say things such as: "Subtract income tax from pay."

She later said: "No-one thought of that earlier, because they weren't as lazy as I was."

In fact, Grace was famed for hard work.

Image caption: Grace Hopper was posthumously granted the Presidential Medal of Freedom in 2016

But what Grace called a "compiler" did involve a trade-off.

It made programming quicker, but the resulting programs ran more slowly.

That is why Remington Rand were not interested.

Every customer had their own, bespoke requirements for their shiny new computing machine.

It made sense, the company thought, for its experts to program them as efficiently as they could.

Open source

Grace was not discouraged: she simply wrote the first compiler in her spare time.

And others loved how it helped them to think more clearly.

Kurt Beyer's book, Grace Hopper and the Invention of the Information Age, relates many tales of impressed users.

One of them was an engineer called Carl Hammer, who used the compiler to attack an equation his colleagues had struggled with for months.

Mr Hammer wrote 20 lines of code, and solved it in a day.

Like-minded programmers all over the US started sending Grace new chunks of code, and she added them to the library for the next release.

In effect, she was single-handedly pioneering open-source software.

Grace's compiler evolved into one of the first programming languages, COBOL.

More fundamentally, it paved the way for the now-familiar distinction between hardware and software.

Image caption: Dr Telle Whitney co-founded the Grace Hopper Celebration in 1994 to encourage women into computing

With one-of-a-kind machines such as the Harvard Mark 1, software was hardware.

No pattern of switches would also work on another machine, which would be wired completely differently.

But if a computer can run a compiler, it can also run any program that uses it.

Further layers of abstraction have since come to separate human programmers from the nitty-gritty of physical chips.

And each one has taken a further step in the direction Grace realised made sense: freeing up programmer brainpower to think about concepts and algorithms, not switches and wires.

Grace had her own views of why colleagues had been initially resistant: not because they cared about making programs run more quickly, but because they enjoyed the prestige of being the only ones who could communicate with the godlike computer.

The "high priests", Grace called them.

She thought anyone should be able to program.

Now, anyone can.

And computers are far more useful because of it.

Source: bbc.co.uk

Posted by Damien Biddulph on Mon 27th Feb 2017

Probably Chinese or Taiwanese, too, claims Kaspersky

Very sophisticated malware helps spread Mirai

The author of a new strain of Windows malware designed to propagate Mirai, the malware that exploits insecurities in Linux-based connected devices, is "more advanced" than the coders behind Mirai itself, Kaspersky has claimed.

It follows an initial analysis of the code of the malware by the security software vendor. 

"The Windows-based spreader is richer and more robust than the original Mirai codebase, but most of the components, techniques, and functionality of the new spreader are several years old," suggested Kaspersky.

It added: "Its capacity for spreading the Mirai malware is limited: it can only deliver the Mirai bots from an infected Windows host to a vulnerable Linux IoT device if it is able to successfully brute-force a remote telnet connection."

However, it is "clearly the work of a more experienced developer, although probably one who is new to the Mirai game.

"Artefacts such as language clues in the software, the fact that the code was compiled on a Chinese system, with host servers maintained in Taiwan, and the abuse of stolen code-signing certificates from Chinese companies, suggest that the developer is likely to be Chinese-speaking."

With more experienced hackers turning their hands to Mirai and malware for propagating it, Kaspersky suggests that we could soon see much bigger attacks, not just the distributed denial of service attacks carried out via Mirai last year.

At the moment, the Windows Mirai 'muck spreader' has only seen limited distribution, with around 500 unique systems attacked in 2017 by the malware.

But based on the geolocation of IP addresses targeted in the second stage of attack, according to Kaspersky, the countries most vulnerable are emerging markets that have invested heavily in connected technology.

These include India, Vietnam, Saudi Arabia, China, Iran, Brazil, Morocco, Turkey, Malawi, United Arab Emirates, Pakistan, Tunisia, Russia, Moldova, Venezuela, the Philippines, Colombia, Romania, Peru, Egypt and Bangladesh.

"The release of the source code for the Zeus banking Trojan in 2011 brought years of problems for the online community - and the release of the Mirai IoT bot source code in 2016 will do the same for the Internet," said Kaspersky principal security researcher Kurt Baumgartner.

He continued: "More experienced attackers, bringing increasingly sophisticated skills and techniques, are starting to leverage freely available Mirai code.

"A Windows botnet spreading IoT Mirai bots turns a corner and enables the spread of Mirai to newly available devices and networks that were previously unavailable to Mirai operators. This is only the beginning."

Security blogger Brian Krebs, in a long posting on his own website, suggested that a US student was responsible for the original Mirai malware. After the code was published, the network of compromised devices was used in a number of DDoS attacks, and one Chinese manufacturer admitted responsibility for using insecure software in its digital video recorders produced for CCTV systems.

Source: v3.co.uk

Posted by Damien Biddulph on Mon 27th Feb 2017

Check Point data underlines risks to UK firms

Ransomware is very popular with cyber crooks

Ransomware attacks doubled in volume in the second half of 2016, with the Locky variant accounting for two-fifths of the attacks. 

That's according to research by Check Point Software, which reveals that Cryptowall was the second most prolific form of ransomware, with the Cerber ransomware-as-a-service scheme close behind.

Together these three types of ransomware were responsible for 90 per cent of ransomware outbreaks in the second half of the year, despite a proliferation of new ransomware strains as cyber criminals look to cash in.

The UK has been a particular target for ransomware gangs, partly fuelled by organisations' willingness to pay up.

However, the most prolific malware, according to the security software company's Global Threat Intelligence Trends report, was the Conficker worm which, despite its age - it was first detected in November 2008 - continues to plague Windows PCs and servers from Windows 2000 onwards.

The Conficker worm enables remote operations to be performed on infected PCs, as well as enabling malware downloads. The infected machine becomes part of a botnet, and contacts its command and control server to receive instructions, warns Check Point.

The report also warned about the proliferation of banking malware, with another well-established malware family, Zeus, which has been around since early 2009, accounting for one-third of all banking malware infections.

Zeus targets Windows platforms and uses a keystroke logger to steal banking credentials and browser form-data.

"Our data demonstrates that a small number of families are responsible for the majority of attacks, while thousands of other malware families are rarely seen," said Maya Horowitz, threat intelligence group manager at Check Point Software.

Ransomware attacks, she added, were proliferating fast "simply because they work and generate significant revenues for attackers".

She continued: "Organisations are struggling to effectively counteract the threat: many don't have the right defences in place, and may not have educated their staff on how to recognise the signs of a potential ransomware attack in incoming emails." 

Just last week, Russian security software company Kaspersky admitted that three-quarters of the crypto-ransomware families - ransomware that encrypts people's data and demands a payment in return for the decryption key - were the work of Russian-speaking cyber-criminals.


Source: v3.co.uk

Posted by Damien Biddulph on Mon 27th Feb 2017

Image caption: One tumble dryer led to a tower block fire that left families homeless (image copyright: Remi Lefevre)

Millions of owners of potentially lethal tumble dryers have been warned not to use them until the machines have been repaired.

Tumble dryers sold under the Hotpoint, Creda and Indesit brands have been behind a series of fires.

Whirlpool, which owns the brands, had said they were all right to use, providing someone was in attendance.

But Trading Standards ordered new guidance, namely that they should not be used until they are repaired.

A statement on the Whirlpool safety website says: "If your tumble dryer is affected by this issue, then you should unplug it and do not use it until the modification has taken place."

At the same time the consumer group Which? has called for a full recall of all the machines involved.

Some owners have been waiting up to a year for a free repair programme to be carried out.

Fires have been caused by excess fluff, which can come into contact with the heating element and so catch light.

One machine awaiting repair caught fire in London last August, causing a blaze in a tower block that took 120 firefighters to bring it under control.

The dryers subject to the repair programme were manufactured between April 2004 and September 2015 under the Hotpoint, Indesit, Creda, Swan and Proline brands.

Image caption: The damaged appliance from the Shepherd's Bush fire was examined in a specialist lab (image copyright: London Fire Brigade)

Background: Truth, fires and tumble dryers; are our home appliances safe?

Hotpoint - Online checker

Indesit - Online checker

Whirlpool freephone helplines: 0800 151 0905 for the UK, or 1800 804320 for the Irish Republic

Whirlpool has written to 3.8 million owners of the affected dryers, but as many as 2.4 million have not responded. The company has written to them again, offering to repair their machines.

A further 100,000 customers have registered, but not yet organised a repair.

"Since the launch of this campaign, safety has been our number one priority," Whirlpool said.

"We have consistently responded to the advice of Trading Standards and continue to do so. Trading Standards have now notified us that updated usage advice should be communicated to consumers and we are implementing this."

Which? called for a full recall programme of the faulty machines.

The consumer group has already launched a legal bid to force Trading Standards to take stronger action over the tumble dryers.

"Fundamentally, we now believe a full recall is necessary, and the Government must urgently address the issues with the product safety system as it shouldn't require the threat of judicial review to ensure that consumers are protected from dangerous products," said Alex Neill, managing director of home and legal services at Which?

"Despite updating the safety notice on its websites, Whirlpool still needs to do a lot more. Our advice is to go straight to Whirlpool to demand your machine is fixed, but also try speaking to the retailer you bought it from."


Media caption: The incident took 120 firefighters to bring under control

The Trading Standards office in question - in Peterborough - has said that the threat of legal action was premature.

The London Fire Brigade, which tackled the blaze in Shepherd's Bush last August, said it agreed that owners should not use the dryers until they were repaired.

It said it had already asked Whirlpool to give out that advice.

The Brigade's assistant commissioner for fire safety, Dan Daly, said: "This change of advice could save lives and we are extremely relieved that, after six months of campaigning by the Brigade, Whirlpool has finally brought its advice in line with our own.

"We attend nearly one fire a day involving white goods, and strongly believe that if your appliance is subject to a safety or recall notice, or you think there is something wrong with it, you should unplug it immediately and contact the manufacturer or a qualified repair technician."

Jill Paterson, a partner at Leigh Day, the law firm acting for some of those affected by the Shepherd's Bush fire, said the advice from Whirlpool was long overdue.

"There should have been more urgent action taken to protect consumers - it should not have taken enforcement action by Trading Standards for this to happen," she said.

Source: bbc.co.uk

© 2018 Discus Systems plc. All rights reserved. Content Management by Verve Digital