With just less than a month until support for Windows XP ends, the security community has warned that hackers are hoarding exploits to let loose on unsuspecting firms once support ends.
After 8 April Microsoft will not release any more updates for the platform. This means that any holes in the platform that hackers exploit will not be patched, presenting them with a potential gold mine.
Trouble ahead
Mark Brown, director of information security at EY, told V3 that he believes the end of support for XP will open the floodgates for hackers to release all manner of attacks.
“There could be a nightmare scenario where it becomes the Wild West, or it could be another Y2K situation where nothing actually happens,” he said.
“However, given how prevalent cyber issues have become, I would be surprised if there is not a stock of zero-day exploits waiting to be released in April.”
Trend Micro security director Rik Ferguson is of the same opinion. “There will be vulnerabilities that will be exploited – that is a given,” he told V3. “It would be short-sighted to claim all the vulnerabilities have been found, because there will still be exploits.”
Finnish security firm F-Secure was similarly candid in its assessment of the situation. "When (not if) a powerful zero-day exploit makes its way to market – that's when the real concerns begin and important questions will be asked," it said in a recent security report.
Jason Steer, director of technology strategy at FireEye, added: "Opportunist attackers won’t want to miss the chance to attack a platform that no longer patches against new zero-day attacks."
Software Russian roulette
Firms still on XP, then, appear to be involved in a game of software Russian roulette where one of them will be hit, serving as a warning to the market.
“The first major exploit that hits the headlines is really going to drive the point home and convince those at the board level or in the executive team it is worth putting time and money into upgrading systems to avoid suffering the same fate,” said Ferguson.
However, Ferguson said the cut-off date itself may not bring a deluge of exploits: given the time it takes to migrate from XP, hackers will have a little while to pick their targets.
“For an enterprise to go through a complete desktop migration is a big deal and takes a long time, so there will be a reasonable period of time when hackers can make their move.”
This is scant consolation, though, and the situation appears bleak: those who have not migrated are very much on their own, with no-one V3 spoke to believing Microsoft will feel any obligation to patch any major issues that come to light.
Defensive measures
As such, the onus is very much on businesses to take action to defend themselves, as noted by Steve Durbin, global vice president of the Information Security Forum.
“Organisations would be well advised to take stock now of their exposure, if they haven’t already done so, and assess the risk that this might bring to their business,” he said. “They can then understand the scope of the problem and plan to mitigate against the potential risk that this might bring.”
F-Secure also provided some tips: "Air gapping systems or isolation to separate networks from critical intellectual property is recommended. Businesses should already be making moves such as this for bring your own device (BYOD) users. XP is just another resource to manage."
The obvious solution would of course be to move away from XP altogether, but this is not an easy task, as Steer explained.
"The problem is that this is an unrealistic timeframe because it will take a lot of time and money to do this. What they [businesses] need to do is build a mitigation strategy that increases monitoring and detection technologies to address the gap that will be created."
Whatever does happen after 8 April is impossible to predict, but what is clear from all those that V3 spoke to is that XP vulnerabilities exist, will be found and will be used, and one firm is going to be the first to bear the brunt of an attack.
The silver lining is that this could serve as an impetus for firms across the world to realise the end of XP support is serious. The question is, who is going to be that first victim?
http://www.v3.co.uk/v3-uk/analysis/2333009/hackers-hoarding-windows-xp-exploits-for-cut-off-bonanza#
ComputerWeekly.com - Warwick Ashford - Friday 14 March 2014
The theft of payroll data from supermarket chain Morrisons smacks of insider hacktivism, say security industry representatives.
Data, including bank account details, has been published online and sent on a disk to a newspaper, according to the supermarket.
Morrisons said its initial investigation does not point to the work of an outside hacker and there has been no loss of customer data. Around 100,000 employees are affected, reports the BBC.
The firm is conducting an urgent review of its internal data security systems and has set up a helpline for its staff.
From the tactics used, the theft is more likely to be an act of revenge or hacktivism, because the perpetrators wanted to make the stolen data public, said Lancope CTO Tim Keanini.
“If they were cyber criminals, it would have been harder to find in the initial stages because it would have been for sale on some darknet and for a price," said Keanini.
“Also, the data being sent to a newspaper is another sign that the perpetrator wanted it to be a very public event.”
The fact that only employee data appear to be involved, said Keanini, is another sign that the theft is unlikely to be the work of cyber criminals, who would typically go after valuable customer data.
The incident, he said, highlights the importance of systems to log all data access and flag any anomalous behaviour by employees using valid credentials.
Mark James, technical director at ESET UK said that, although under early investigation, the incident may demonstrate that the moat around the castle model is redundant if the enemy already lies within.
“While protection against external threats is essential, not all danger comes from outside parties. As such, security policies need to also be as focused on the threats from within,” he said.
Anomalous behaviour
According to James, detection is as important as protection. Appropriate security policies should be implemented to ensure alarms are raised as soon as unusual behaviour is detected.
“Should these hurdles be overcome, the proactive use of encryption should ensure sensitive data cannot be used for any meaningful purpose, should it get into the wrong hands,” he said.
George Anderson, product marketing director at security firm Webroot, said the incident underlines that a well-developed and executed data security policy should be able to protect against all sorts of breaches, including internal ones.
“The best approach to security is to create a layered defence. It should encompass everything, from identity protection and strong authentication like passwords, PIN codes and biometrics, to data encryption which ensures even compromised information can only be used by those with the necessary deciphering encryption keys and permissions,” he said.
Privileged user access
Paul Ayers, vice-president for Europe at security firm Vormetric, said that, like data breaches at US retailers Target and Neiman Marcus, this incident suggests organisations still struggle to protect their data resources from those already legitimately “inside the fence”.
“It is often a case of ineffective management of ‘privileged’ users on corporate networks that causes this type of data breach," said Ayers.
“Every organisation will have employees or contractors who have far reaching, privileged, computer network access rights – and it is how these users are controlled and secured that is often a weak link in the data security framework.”
Ayers said that, despite ongoing high-profile breaches, Vormetric’s research indicates that 73% of organisations fail to block privileged user access to sensitive data.
“Organisations must be regularly assessing their security position and, more importantly, constantly monitoring their IT systems to detect and respond to data breaches as soon as they happen. In turn, encryption of all data must be viewed as a mandatory, life-saving seatbelt,” he said.
“It is only with a deep level of security intelligence and data-centric security that businesses will be able to spot suspicious activity as and when it occurs, and stop outside attackers and rogue employees alike in their tracks.”
Tech News - By Jamie Harris - Friday, Mar 14 2014
Banks will be hit hard by Microsoft's decision to withdraw support for Windows XP, as the majority of the world's ATMs use the operating system.
According to Reuters, 95% of cash machines run XP, meaning banks will have to pay millions in upgrades when support is cut off on April 8.
With under a month to go, many unprepared banks will be forced to pay Microsoft for an extended contract while upgrades are put in place.
Sources claim that moving from Windows XP to Windows 7 could cost each UK bank between £50m and £60m.
It is thought that Lloyds Banking Group, RBS, HSBC, Barclays and Santander UK are five of Britain's banks that have either already arranged, or are in the process of arranging, extended contracts with the PC maker, as the contracts are vital for ensuring their machines are protected against viruses and hackers.
"There are certainly large enterprise customers who haven't finished their migrations yet and are purchasing custom support," a spokesman for Microsoft admitted.
"The cost will depend on both the specific needs of the customer and what support they already have in place, so it's different for every customer."
Recent figures suggest that Windows XP still powers more than a quarter of PCs, and actually saw a market share increase from January (28.98%) to February (29.23%).
Read more: http://www.digitalspy.co.uk/tech/news/a557789/windows-xp-support-cut-off-to-cost-banks-millions-in-atm-upgrades.html#ixzz2wDdF5pSw
Rumors of Apple's plans for a smartwatch have been doing the rounds for over a year at least. The company has never confirmed the existence or development of this so-called iWatch. However, since Apple isn't in the business of confirming any rumors regarding upcoming products, the rumor mill has chugged along regardless of this fact. Since early 2013, we've been hearing about everything from iWatch patents to displays. We've rounded up all the rumors below and will be updating this article periodically. Read on for everything there is to know about Apple's much talked-about iWatch.
One of the most important aspects of wearable tech is that it be fashionable. By nature, a smartwatch needs to have a big enough screen to display the time (obviously) but also a limited amount of text or (at the very least) clear notifications. Apple's iWatch is rumored to have a flexible or curved display, similar to the Galaxy Gear Fit from Samsung. An Apple patent filed in August of 2011 emerged last February and talked about slap bracelet-style accessories with flexible displays. The screen would display information in real time and the slap bracelet approach would allow the wearer to place it in a wider variety of places (such as the wrist, arm, or ankle).
Of course, it wouldn't be an Apple-branded mobile device without a splash of iOS, and rumors from 2012 suggest that the iWatch will indeed run Apple's mobile operating system. While it's hard to imagine a full version of iOS running on a smartwatch, it doesn't sound like the device will run Apple's iPod software either. Instead, it's possible we'll see a modified version of iOS designed specifically for companion devices, much like Apple has done with CarPlay.
Ever since Apple released the iPad, people have been speculating about what Apple would do next. After revolutionizing the mobile phone with the iPhone, and the PC with the iPad, many expect Apple to revolutionize the TV.
Apple analyst Gene Munster has been the loudest proponent of the idea that Apple will be doing a television.
Two years ago he said, "It will be the biggest thing in consumer electronics since the smartphone," and he described it by saying, "Imagine just a sheet of glass"—"no edges or bevels."
He was predicting it would be out by 2013. But, it never happened.
There's new information that suggests Apple may not ever get into the television business.
The Wall Street Journal's former Apple beat reporter, Yukari Iwatani Kane, has a new book about Apple called "Haunted Empire: Apple After Steve Jobs".
In her book she says Jobs told his top executives before he died that he had no plan to release a television because it's a bad business.
Every year Apple hosts a "Top 100" meeting, which gathers the top 100 executives, managers, and employees. As with all things Apple, the top 100 meeting is supposed to be secretive.
Jobs would give people a month's notice before a top 100 happened. The Apple staff would then be bused to a resort where they would give presentations on Apple's business. New products were often revealed. No one was to email outsiders, even Apple employees, or tweet or anything while at the meeting.
In 2010, Jobs hosted his final Top 100 meeting. Apple revealed the iPad 2 and its magnetic cover in the meeting. When Jobs did a Q&A on the new iPad, all the executives were fawning over the cover.
Jobs finally said, "Can we talk about the iPad?"
At the time Jobs was quite sick, and it was apparent. He wasn't chewing out employees during their presentations like he normally did. He was having trouble walking, and he looked weak.
Yukari reports on the last day of the meeting, Jobs sat in front of the room with everyone and said, "You've got Steve Jobs sitting right here. You're my guys, you can ask me anything you want. I don't care how dumb it is or how insulting it is. I want to make you all feel comfortable about whatever questions you have about the company."
One person asked if Apple was going to release a television next. There were already rumors all over the place that it was Apple's next conquest.
Yukari says "Jobs didn't hesitate." He said, "No."
"TV is a terrible business. They don't turn over and the margins suck," said Jobs. (Unlike iPhones which are wildly profitable and replaced every two years, a TV gets replaced every 8 years, and isn't all that profitable.)
He did want to control the living room, though, he said. He also said the Apple TV, the little video streaming box, would remain a hobby until Apple got all the content it needed.
Just months after Jobs delivered those comments, he stepped away from his day-to-day role at Apple.
Yukari says that some people in the room believed Jobs' comments on TV. Others, the "veterans in the room", weren't sure that Jobs really meant it. Those people thought it was a message from Jobs to focus on what they were doing instead of trying to think of the next thing too quickly.
It's been over three years since Jobs made those comments, and Apple still doesn't have a television. There have been reports this year of Apple revamping its TV strategy, but it all centers on the Apple TV, which is the little box that plugs into the TV, not a full, 60-inch HD iTelevision.
Therefore, it seems like Jobs may have been genuine when he told his top 100 employees he didn't want to do a television.
But Jobs' comments to Apple execs are at odds with what he told his biographer Walter Isaacson. Before he died he said, "I’d like to create an integrated television set that is completely easy to use ... It would be seamlessly synced with all of your devices and with iCloud ... It will have the simplest user interface you could imagine. I finally cracked it."
Jobs was famous for saying one thing and then doing another. In this case, it's hard to know which quote was the truth. Was he telling the truth to Isaacson, or to Apple's top 100 employees?
BBC News - Wales - Hywel Griffith - 12th March 2014
A survivor of a serious motorbike accident has had pioneering surgery to reconstruct his face using a series of 3D printed parts.
[Image: Stephen Power photographed before the operation, left, and afterwards, right]
Stephen Power from Cardiff is thought to be one of the first trauma patients in the world to have 3D printing used at every stage of the procedure. Doctors at Morriston Hospital, Swansea, had to break his cheekbones again before rebuilding his face. Mr Power said the operation had been "life changing".
The UK has become one of the world's pioneers in using 3D technology in surgery, with advances also being made by teams in London and Newcastle.
While printed implants have previously been used to help correct congenital conditions, this operation used custom printed models, guides, plates and implants to repair impact injuries months after they were sustained.
Despite wearing a crash helmet Mr Power, 29, suffered multiple trauma injuries in an accident in 2012, which left him in hospital for four months.
"I broke both cheek bones, top jaw, my nose and fractured my skull," he said. "I can't remember the accident - I remember five minutes before and then waking up in the hospital a few months later."
[Image: Two views of Stephen Power's skull after the operation with temporary staples]
[Image: A skull model and implants produced using 3D printing]
In order to try and restore the symmetry of his face, the surgical team used CT scans to create and print a symmetrical 3D model of Mr Power's skull, followed by cutting guides and plates printed to match.
Maxillofacial surgeon Adrian Sugar says the 3D printing took away the guesswork that can be problematic in reconstructive work.
"I think it's incomparable - the results are in a different league from anything we've done before," he said.
"What this does is it allows us to be much more precise. Everybody now is starting to think in this way - guesswork is not good enough."
The procedure took eight hours to complete, with the team first having to re-fracture the cheek bones with the cutting guides before remodelling the face.
A medical-grade titanium implant, printed in Belgium, was then used to hold the bones in their new shape.
Looking at the results of the surgery, Mr Power says he feels transformed - with his face now much closer in shape to how it was before the accident.
"It is totally life changing," he said.
"I could see the difference straight away the day I woke up from the surgery."
Having used a hat and glasses to mask his injuries before the operation, Mr Power has said he already feels more confident.
"I'm hoping I won't have to disguise myself - I won't have to hide away," he said.
"I'll be able to do day-to-day things, go and see people, walk in the street, even go to any public areas."
The project was the work of the Centre of Applied Reconstructive Technologies in Surgery (Cartis), which is a collaboration between the team in Swansea and scientists at Cardiff Metropolitan University.
Design engineer Sean Peel has said the latest advance should encourage greater use of 3D printing within the NHS.
"It tends to be used for individual really complicated cases as it stands - in quite a convoluted, long-winded design process," he said.
"The next victory will be to get this process and technique used more widely as the costs fall and as the design tools improve."
Mr Power's operation is currently being featured in an exhibition at the Science Museum in London, called 3D Printing: The Future.
HANOVER: Prime minister David Cameron has announced that the government will invest a further £45m in technologies relating to the Internet of Things (IoT), and that UK and German universities will collaborate to research 5G.
Cameron was joined by German chancellor Angela Merkel as the two leaders promised to form stronger ties between the UK and German technology industries.
Speaking at the CeBIT opening ceremony, attended by V3, the prime minister said £45m has now been made available for firms researching IoT technologies, taking the total investment in this area to £73m.
IoT is the consumer-friendly term for machine-to-machine communication, with internet-connected sensors built into devices such as thermostats, fridges and industrial machinery. Funding of £1m will also go to a grant scheme called the European Internet of Things for companies looking to make use of IoT technology in their business operations.
Cameron also announced a new joint project between King's College London, the University of Surrey and Dresden University of Technology to develop 5G connections, which the PM said would allow consumers to download a full movie in "less than a second".
Finally, he claimed that the government's new strategy for the wireless spectrum, which will be revealed in full today, will double the economic benefits of spectrum usage to £100bn by 2025.
He called for closer ties with German tech firms, saying: "We are on the brink of a new industrial revolution and I want us, the UK and Germany, to lead it. Take British ingenuity in software, services and design, add German excellence in engineering and industrial manufacturing, and together we can lead in this new revolution."
Merkel added that the next big challenge for Europe would be to create a "single digital market" for better competition between firms and better value and service for consumers. She commended the European Commission's Digital Agenda chief Neelie Kroes for her efforts, and looked to reassure the audience of IT leaders that Germany was taking the challenge seriously.
"We need to speed up our efforts, and let me assure on behalf of the whole of the government that we will work for this. We need this single digital market," Merkel said.
The UK is this year's partner country for CeBIT, with Cameron touring the show floors to promote the UK tech industry, along with the likes of former Tech City chief Joanna Shields and Raspberry Pi founder Eben Upton.
Last week EE spoke of its efforts to push 5G research as work begins on this new area of mobile connectivity, although live networks are not expected until around 2020.
As we mentioned earlier this week, Microsoft has a problem because a huge chunk of Windows XP stragglers still aren’t upgrading to Windows 7 or Windows 8 even though there’s just over a month to go until XP support ends. Tom’s Hardware writes that Microsoft does have one more card to play that it hopes will finally convince XP diehards to switch:
Windows 9. Microsoft knows that Windows 8 is a nonstarter for many XP users, which is why it’s apparently designed Windows 9 with the desktop user much more in mind. The company began its efforts to appease desktop PC users with Windows 8.1 — which added back a Start button and the option of booting up to desktop — and it’s only going to go further down this road with its next major release.
“Windows 8.1, launched in October 2013, definitely made the platform feel more like a single unit than the previous Desktop/Modern UI double-feature,” Tom’s Hardware writes. “Windows 8.1 GDR1, scheduled to launch in April, will supposedly help merge the two together. Windows 9? Even more.”
Tom’s Hardware also points out that Dell marketing exec Margaret Franco recently said that her company’s customers are expressing “a lot more interest around developing the transition strategy for their OS” in anticipation of Windows 9.
Of course, there’s one problem here: Windows 9 won’t launch until the fall of 2014 at the very earliest and has been tipped to launch as late as the spring of 2015. In the time between April and Windows 9’s eventual release, XP users are going to get swamped with all manner of fun zero-day attacks by malware developers who have had XP’s impending death on their radars for years. If that can’t convince them to finally dump XP, it’s doubtful there’s anything Windows 9 could do to change their minds either.
If you read the pundits and tip sheets you see all sorts of imaginary scenarios play out for Apple's next big thing. The three that seem to be getting the most attention include a surprise.
The company just rolled out Apple CarPlay, which got some buzz from the recent Geneva Auto Show. It will be fun to see how it plays out.
We've already heard speculation about a big-screen Apple TV (set). There is always chatter about an Apple iWatch or some sort of wearable from Cupertino. Both are risky and small potatoes compared to the third item: An end-to-end mobile payment system that competes directly with PayPal and most of the established systems already in place.
Enter the Apple iCard. Don't leave home without it. There has been a lot of speculation about an Apple credit card on sites like Seeking Alpha, a website that seems preoccupied with all things regarding Apple finance and stock price.
Here are the interesting statistics that got my attention:
"With 575 million active accounts, Apple has more populated digital wallets than any other player in finance. 575 million accounts is 1.37x the total number of MasterCards issued worldwide, 3.5x the number of card holders in the US, 5x the number of cards on file as PayPal and 3.4x the number of cards on file for Amazon."
There are outrageous numbers of people who can be easily converted to customers of additional services. Mobile payments overall are estimated to hit $1 trillion (£600 billion) by 2017, according to a report from IDC.
The way Apple users are lock-step and all-in with pretty much everything Apple does, the company would own a huge piece of this market.
This speculation by the Apple watchers was apparently triggered by some new e-commerce and payments patents filed by the company. This was combined with backroom gossiping by PayPal and others. In fact, PayPal would love to partner with Apple and be part of the process. That partnership remains to be seen.
Whatever the case, if everything actually worked out, some analysts see it adding $60 billion (£35 billion) to the Apple bottom line, which is substantial. Apple would become a financial services company and a bank as well as a manufacturer and a trendsetter.
But is this the sort of thing Tim Cook can roll out and expect to excite the Apple community? As time goes by, Cook is seen as more and more of the uninspired corporate apparatchik who is quite disconnected from the average Apple user.
Rolling out a mobile payment system and an Apple credit card is the exact opposite of an exciting idea, no matter how good the idea is for Apple shareholders.
First of all, Apple makes most of its income from sales at its retail stores. Running a finance company to handle all the transactions will bring in more profits, but will the stores continue to attract customers if they do not have cool new products to show off?
That said, this is a risky bet insofar as continuing profits are concerned. Apple could buy Square to get its feet wet or go all-in with an arrangement with Discover Financial Services or even MasterCard. Maybe even consider a merger or acquisition, although the market caps for these publicly held credit card companies are a little high for even Apple to swallow.
This whole notion might be the worst move ever – unless the company can somehow make it exciting.
Personally, I cannot see how to do it. This is dreadfully dull stuff. Apple does not need the reputation of a boring finance company. What's next? Insurance?
Twitter has just fixed a bug that in some cases allowed tweets from users with protected accounts to be read by non-approved followers. The social media site said on its blog that the bug had been around since November, though only affected a tiny fraction of its user base.
“We were alerted to and fixed a bug in our system that, for 93,788 protected accounts under rare circumstances, allowed non-approved followers to receive protected tweets via SMS or push notifications since November 2013,” Bob Lord, Twitter’s director of information security, wrote in a post.
The San Francisco-based company said that the fix should ensure such a bug doesn’t occur again in the future, adding that it had removed any unapproved followers from protected accounts.