Posts Tagged ‘code’

Could A Thumb Drive Stop Stuxnet? – Security – Antivirus

Tuesday, December 18th, 2012

Is a information stored on your USB ride expostulate stable from any malware on a PC it gets plugged into?

USB ride expostulate manufacturer Kingston Technology this week announced that dual of a drives from a Traveler line — DataTraveler Vault Privacy and DataTraveler 4000 — now come with an discretionary ClevX DriveSecurity feature, that requires 300 MB of a drive’s space and includes built-in ESET antivirus program for nuking any viruses, worms, Trojan applications, rootkits, or adware that competence try to taint a drive.

“When a expostulate owners authenticates to a peep drive, DriveSecurity launches immediately. It updates a pathogen signature and scans any changes (all new files, applications, etc.) to a peep drive,” pronounced ESET. “Upon user request, it checks a whole peep expostulate to safeguard that it is giveaway of antagonistic code.” ESET also pronounced a anti-malware program contains heuristic malware showing to assistance temperament opposite threats. But a association pronounced that a drive’s antivirus program won’t indicate a PC that it gets plugged into.

Is antivirus program on USB ride drives redundant? Or competence it instead have helped forestall a conflict of such malware as Stuxnet? Indeed, a USB pivotal carrying Stuxnet appears to have been obliged for during slightest some of a ensuing infections, that targeted an Iranian chief trickery during Natanz. The premonition with Stuxnet, of course, is that a malware seems to have been introduced on purpose, expected by a U.S. agent, definition it was meant to taint a USB expostulate and in spin systems during a facility.

[ Hacking organisation boasts of government, trade organisation exploits. Read some-more during Team Ghostshell Hackers Claim NASA, Interpol, Pentagon Breaches. ]

On a other hand, common malware that attempts to taint USB drives stays alive and well, in partial since eradicating it is formidable given all of a opposite ways in that it can spread. For example, ESET final week reported that a second many prevalent pathogen is an auto-run worm famous as Pronny, that spreads in partial by infecting removable media. Once a worm infects a system, it afterwards hides versions of itself elsewhere, including on network shares, and attempts to taint all it can touch, including ride drives.

USB drives can get putrescent in countless ways, such as by supply sequence insecurities during production. For example, IBM incidentally distributed ride drives during an Australian confidence discussion that were putrescent malware.

Other infection vectors engage employees regulating virus-infected kiosks or third-party PCs during airports or Internet cafes, giving a USB pivotal to a crony whose PC happens to have a virus, or regulating a USB pivotal on a corporate network where a pathogen is residing.

“In use one sees both unintended and conscious infection. Stuxnet is an instance of a latter, where someone installed antagonistic formula onto a expostulate with a vigilant of removing that formula onto a aim system,” pronounced ESET confidence preacher Stephen Cobb in a blog post. “Unintentional infection can start when we place your USB peep expostulate into an insufficiently stable system. Sure, we might detect a infection later, when we eventually place your expostulate into your possess computer, though we could do a lot of repairs before then.”

As an example, Cobb references a box detailed progressing this year by a Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), that in 2010 investigated an conflict of malware tied to a Mariposa botnet. While a influenced classification wasn’t named, a attention was remarkable as being “the chief sector.”

The investigators traced a infection behind to a discussion presentation, observant in an advisory that “an worker attended an attention eventuality and used an instructor’s concept sequence train (USB) peep expostulate to download display materials to a laptop.” After a worker reconnected their laptop to a corporate network after returning to work, a malware spread, eventually infecting 100 other network-connected systems.

As malware gets increasingly sophisticated, so, too, contingency a record and strategies we use to detect and exterminate it (or, improved yet, stop it before it ever creates it onto network systems). Our Rooting Out Sophisticated Malware news examines a tools, technologies and strategies that can palliate some of a burden. (Free registration required.)

Article source:

Cyber Security: Software, Firmware and Hardware Engineers – Milton Keynes

Tuesday, December 4th, 2012

Software Engineer (Cryptography specialist)

Software Engineer (Cryptography specialist)Primary Purpose of a RoleWorking from specifications and high turn designs, perform minute design, exercise code, rise section tests and counterpart examination program work packages for new and existent products.Principal RelationshipsTeam Lead engineer/Technical …

Read more

Article source:

Why SQL Server confidence matters: A box study

Thursday, November 29th, 2012

Editor’s note: This is a initial of a four-part array on SQL Server security. Please
check behind subsequent week for a subsequent chapter.

Database backups are stolen. Viruses conflict servers. The database has unapproved changes. This
is what happens when SQL Server confidence is lax.

Database technologies are an essential member of many information systems since they store
a vast volume of supportive corporate information such as patron information and other confidential
business data. Because of this, it is not wrong to contend that databases such as SQL Server are the
most profitable item for any organization, and that is since they contingency be cumulative from inner and
external attacks.

Unfortunately, this is not a case, and many organizations still find database confidence to be
an homely topic. As a result, they do not have a extensive database confidence routine that
can urge their database infrastructure opposite worldly inner and outmost attacks. Many
are even incompetent to accommodate regulatory correspondence mandate such as a Gramm-Leach-Bliley Act
(GLBA), a European Union Data Protection Directive (EUDPD), a Health Insurance Portability and
Accountability Act (HIPAA), a Payment Card Industry Data Security Standard (PCI DSS) and
Sarbanes-Oxley (SOX).

Case investigate of a association lacking SQL Server security

Company XYZ is a vast curative association that markets several medical products to smaller
pharmaceutical companies worldwide. As SQL Server has a good lane record with few vulnerabilities
and diseased points, Company XYZ uses SQL Server as a categorical database technology. Its SQL Server
databases store a company’s trusted information such as patron information, label sum and
employee information. This information is creatively ported from Excel spreadsheets. In new years,
however, Company XYZ has gifted poignant expansion in all areas of a business. Over a last
year, a business has been in a press for a wrong reasons: leaked patron data, unauthorized
access and other reasons caused by a unsecure SQL Server infrastructure.

Here’s a list of confidence vulnerabilities identified in Company XYZ’s SQL Server

Unauthorized changes. In a final 12 months, unapproved changes to a databases are
the categorical cause in a disaster of a SQL Server infrastructure. This is since Company XYZ
currently has no change government processes in place. Unauthorized changes to databases represent
a many larger possibility of outmost threats, such as attacks from outmost hackers or antagonistic code

Well-documented and strong change government routine is indispensable for Company XYZ SQL Server
database formula deployment since it ensures that certified changes are deployed to production
databases and eliminates neglected risks.

Unauthorized users. On few occasions, it has been celebrated that unapproved users are
frequently accessing Company XYZ’s SQL Server databases. This especially happens when a SQL Server
instance is configured to use Mixed Mode Authentication or BUILTINAdministrators are a member of
the “sysadmin” role. After investigation, it was found that many SQL logins, including logins with
sysadmin (sa) privileges, had diseased or vacant passwords and users are not forced to change their
passwords periodically.

Microsoft SQL Server confidence best practices advise that we use Windows authentication over
mixed-mode authentication since SQL Server stores passwords for SQL logins in plain text. If
mixed-mode authentication is compulsory for back harmony reasons, afterwards safeguard that complex
passwords are used for sysadmin and all other SQL login accounts. This can be achieved by checking
the “Enforce cue expiration” and “Enforce cue policy” options for sysadmin and all other
SQL logins.

For some-more on SQL Server security

Ten common SQL
Server security

Five discerning stairs to softened SQL
Server security

Server security
best practices also suggest renaming these accounts since sysadmin is a
powerful comment that is good famous to many hackers, and a name change will make it more
difficult for hackers to take control. It is also suggested not to conduct your SQL Servers using
sysadmin. Also, safeguard that BUILTINAdministrator is not a member of a sysadmin role; otherwise
it grants sysadmin permissions to any comment in a internal administrators group.

SQL injection. SQL injection is another reason for unapproved entrance to databases.
That’s since a SQL formula within a focus allows approach updates to tables, and many of the
SQL formula parameters are not validated. Validate formula parameters and perform all updates to
databases regulating SQL Server store procedures.

Guest users. Logins who do not have an compared database user inside user databases are
still means to entrance a supportive information inside these user databases. This is since a guest user
is enabled within these databases. Disable guest users. This will safeguard that members with public
server roles can't entrance user databases in SQL Server, unless we have entrance categorically assigned
to a database.

Computer pathogen attack. Company XYZ’s SQL Servers have been pounded a few times in the
past year by mechanism viruses. Most of a SQL Server confidence patches, hotfixes and updates have
not been practical on these influenced SQL Servers. Security updates and rags are constantly
released by Microsoft companies should request these to strengthen opposite a aforementioned

Using common TCP/IP ports. It has been remarkable that many of a servers pounded by hackers
were regulating common TCIPIP ports such as 1433 and 1432. Change from customary TCP/IP ports, if
possible, to safeguard SQL Server security.

Database backups stolen. In a past few months, it has been remarkable that database backups
have been stolen due to diseased network security. Also, information has been stolen and copied from tables to
files on handling systems. Company XYZ is suggested to secure a database backups by enabling Transparent Data Encryption. Also, make certain xp_cmdshell and OPENROWSET have
been infirm on a instance of SQL Server and usually systems administrators have entrance to these
SQL Server features.

Lack of monitoring. Currently, SQL Server users’ activities are not monitored on Company
XYZ’s SQL Servers. Obviously, this non-stop a doors for hackers to entrance a company’s servers
without fear. SQL Server provides a accumulation of facilities such as login auditing or logon triggers,
common correspondence criteria, ddl triggers, even presentation and review selection to track
malicious activities on SQL Server.

This was initial published in Nov 2012

Article source:

An artificially intelligent future: Ray Kurzweil on engineering a brain

Wednesday, November 28th, 2012

So what’s next? Machines are going to spin some-more human-like, Kurzweil
predicts. In How to Create a Mind, he discusses how to copy the
brain, know ‘the beliefs of operation, a simple ideas that
expansion utilized to emanate intelligent performance’ and afterwards ‘focus,
amplify and precedence them’ to emanate even smarter machines.

Kurzweil dismisses a explain of his detractors that it would take ‘trillions
of lines of code’ to copy a brain. He sees a mind as covering on layer
of settlement recognition, that extend from spotting a figure of a minute to
irony, humour or pity. ‘There are 300 million settlement recognisers in the
tellurian cortex,’ he says. By simulating these biological modules, he is
assured that before prolonged a impulse will come when computers can model
tellurian consciousness.

And yet, Kurzweil adds, ‘There are stipulations to a tellurian brain.’ The
electrical signals that zip around a heads are rather sluggish. So why
not, he says, rise ways to download a minds into machines? ‘We have
extended a earthy strech and we are now going to extend a mental reach,
by merging with a tools.’ To do that non-invasively will take technology
that he predicts is usually a few decades away.

Now 64, he wants to safeguard that he is still around when amiability takes its
successive evolutionary step. His father died of heart disease, and he himself was
diagnosed with high cholesterol and form 2 (adult) diabetes aged 35. After
regulating out-of-date diet to tackle these problems, Kurzweil motionless to try
suppositional ideas. A decade ago he met
Terry Grossman, a ‘leading proponent of immortality medicine’, who prescribed
a cocktail of interrelated treatments. In reality, that means about 150
pills a day. Kurzweil claims his earthy form now matches that of
‘someone most younger than myself’, so he might still be alive when scientists
build a successive ‘bridge’ in technology, a branch dungeon revolution, and that in
spin will keep him creation predictions until a successive bridge, when
nanobots will have been designed to stalk around his bloodstream.

A review with Kurzweil is entertaining, thought-provoking and only a
small bit bonkers. But one thing is certain – this is a male who is not
prepared to accept his limitations.

Roger Highfield is executive of outmost affairs during a Science Museum
Group. ‘How to Create a Mind’, by Ray Kurzweil, will be published by
Duckworth in February

Article source:

Security Guru Pledges to Strengthen Critical Computers David Talbot

Friday, November 23rd, 2012

Stuxnet, a square of antagonistic program detected in 2010, targeted industrial program determining Iran’s uranium-enrichment centrifuges. But a formula got loose—and it continues to spread: Chevron, for example, pronounced final week that a network had been putrescent by Stuxnet.

The awaiting that malware like Stuxnet could taint and interrupt vicious pieces of infrastructure worries supervision officials (see “Old-Fashioned Control Systems Make U.S. Power Grids, Water Plants a Hacking Target”) and mechanism scientists like Eugene Kaspersky, CEO of a Moscow-based antivirus association Kaspersky Lab. He has been talking about building secure handling systems for industrial systems, a theme he discussed with MIT Technology Review.

How distant has Stuxnet or identical antagonistic program spread beyond the intended target? What repairs or costs are famous to have resulted?

I am certain there are some-more vicious companies, vicious to inhabitant mercantile and inhabitant security, putrescent by Stuxnet. Unfortunately we don’t have any tough information on this. Stuxnet had putrescent an estimated 100,000 machines in approximately 30,000 organizations in a month of Sep 2010.

You say youre operative on a secure handling system for industrial systems. What is your due solution?

There is usually one approach to safeguard sufficient protection—a secure OS to pledge there is no neglected formula executed in this environment. This is achieved with a micro-kernel complement that, by design, will not concede execution of unapproved code.

Where does your secure OS stand?

A antecedent is ready. We are operative with a integrate of companies—I can't divulge that ones yet, though one of them is a vast energy-generating company—in building a antecedent to strengthen a industrial environment, to make certain there are no vicious mistakes in a system. Yes, there will be flaws in a stream code, though we wish to be certain a core ideas of a OS work. These companies also have to rise secure applications to run on a platform.

What “ideas of a OS” are we referring to?

The categorical thought is that any and all activity will be manifest to administrators, and that undeclared functions will be impossible. Existing handling systems have not been combined with confidence in mind. For a infancy of them, confidence is an discretionary extra, definition vulnerabilities are fundamental in their underlying architecture. The new OS is formed on a beliefs of security.

Of course, we are not ignoring what other handling systems have already achieved [in apropos some-more secure], though we trust a turn of confidence afforded to them is not adequate given a rate during that today’s threats are progressing.

Why can’t we have this turn of confidence on all computers, and not only ones in vicious infrastructure?

Use of a secure OS could positively extend over vicious infrastructure, and embody any classification who values security. We pattern that extended confidence mandate will be promoted essentially by supervision agencies and will request both to private and to government-owned facilities.

What about fortifying critical infrastructure with surplus systems, or primer ones?

Hybrid surplus systems and primer systems can help, though new industrial systems are some-more and some-more mechanism controlled. It is cheaper and easier to design. Even a newer American prisons are tranquil digitally, and not manually, so these systems are also exposed for Stuxnet-like attacks.

Article source:

Windows Azure Mobile Services creates backends for Windows 8, iPhone

Saturday, November 3rd, 2012

Windows front-end developers have adequate on their plates simply migrating from Windows 32 desktop and Web apps to XAML/C# or HTML5/JavaScript and a new Windows Runtime (WinRT) for Windows Store apps.

The cost of training teams new back-end coding skills for user authentication and authorisation with Microsoft Accounts (formerly Live IDs) could be a straw a breaks a camel’s back. Add to that messaging with Windows Notification Services (WNS), email and SMS as good as structured storage with Windows Azure SQL Databases (WASDB) and targeting

    When we register, my group of editors will also send we alerts about public, private and hybrid cloud computing as good as other associated technologies.

    – Margie Semilof, Editorial Director

Windows 8 and Azure: Microsoft’s bequest shun route, and it all becomes a bit much.

To palliate .NET developers into this dauntless new universe of mixed inclination trimming from Win32 bequest laptops to touchscreen tablets and smartphones, Microsoft’s Windows Azure group expelled a Windows Azure Mobile Services (WAMS) Preview. The initial recover supports Windows Store apps (formerly Windows 8 applications) only; Microsoft promises support for iOS and Android inclination soon.

The recover consists of a following:

  1. A Mobile Services choice combined to a new HTML Windows Azure Management Portal generates a back-end database, authentication/authorization, presentation and server-side scripting services automatically.
  2. An open-source WAMS Client SDK Preview with an Apache 2.0 permit is downloadable from GitHub; a SDK requires Windows 8 RTM and Visual Studio 2012 RTM.
  3. A representation doto application demonstrates WAMS multi-tenant facilities and is also accessible from GitHub. This representation is in further to a educational walkthroughs offering from a Mobile Services Developer pages and a OakLeaf Systems blog.
  4. A Store menu add-in to Visual Studio 2012’s Project menu accelerates app registration with and deployment to a Windows Store.
  5. A form non-stop in Visual Studio 2012 can obtain a developer permit for Windows 8, that is compulsory for formulating Windows Store apps.

WAMS eliminates a need to handcraft a some-more than a thousand lines of XAML and C# compulsory to exercise and configure Windows Azure SQL Database (WASDB), as good as analogous Access Control and Service Bus presentation components for clients and device-agnostic mobile behind ends. The RESTful behind finish uses OData’s new JSON Light payload choice to support mixed front-end handling systems with smallest information overhead. WAMS’s Dynamic Schema underline auto-generates WASDB list schemas and relations so front-end designers don’t need database pattern expertise.

Expanding a WAMS device and underline repertoire

Scott Guthrie, Microsoft corporate VP in assign of Windows Azure development, announced a following device support and facilities in a blog post:

  1. iOS support, that enables companies to bond iPhone and iPad apps to Mobile Services
  2. Facebook, Twitter and Google authentication support with Mobile Services
  3. Blob, Table, Queue and Service Bus support from within Mobile Services
  4. The ability to send email from Mobile Services (in partnership with SendGrid)
  5. The ability to send SMS messages from Mobile Services (in partnership with Twilio)
  6. The capability to pattern mobile services in a West U.S. region.

The refurbish didn’t cgange a strange Get Started with data or Get Started with pull notifications C# and JavaScript representation projects from a Developer Center or Paul Batum’s strange DoTo representation application in a GitHub samples folder.

Starting out with Data Services

Before we can exam expostulate WAMS, you’ll during slightest need a Microsoft Account (a.k.a., Live ID) and a Windows Azure hearing subscription. Next, ask entrance to a WAMS Preview from a Windows Azure Management Portal by clicking a Account tab, Preview Features couple and afterwards a Mobile Services section’s “Try It Now” button.

You’ll accept an email summary in a day or dual instructing we how to supplement a Mobile Services object to a portal’s navigation pane. You can emanate adult to 10 giveaway Mobile Services during a preview period.

Clicking a +New button, selecting Mobile Services and clicking Create opens a form to use an existent Windows Azure SQL Database or to emanate a new one. The representation ToDo app, that is formed on a WASM Developer Center‘s 3 “Getting Started …” examples, captures and stores charge information in a elementary TodoItem list with id (bigint, idenitity), text (nvarchar(max)), and complete (bit) columns.

The Dynamic Schemas underline automatically adds userId (nvarchar(max)) and channel (nvarchar(max)) columns for authorisation and notifications when incorporating those facilities later. The use generates all XAML and C# formula compulsory to arrangement a app’s categorical form when we press F5 to build and run it in Visual Studio 2012 (see Figure 1).

Figure 1. Use a Dynamic Schemas underline to supplement channels and columns for authorizations and notifications.

To equivocate astonishing behaviors, use a same Microsoft Account that we used for your hearing or paid subscription to ask acknowledgment to a WAMS Preview and to record into Windows 8 when contrast a initial customer app with Visual Studio 2012.

Adding user authentication and authorisation with server permissions and customer scripts

WAMS takes advantage of a Live SDK for Windows and Windows Phone to yield singular sign-on (SSO) authentication with a Microsoft comment we use to record into Windows 8. On my blog, we report how to register a app with Windows Push Notifications Live Connect services by formulating a Package.appxmanifest record in Visual Studio 2012. Use a Live SDK for iOS and Live SDK for Android when a WAMS group extends a strech to Android devices. You can also capacitate authentication with a new Facebook, Google and Twitter temperament providers.

WAMS adds a elementary form to a Management Portal that lets developers set server-side permissions to sanction users to entrance a TodoItem list (see Figure 2).

Figure 2. The Table Permissions form for a TodoItem list lets developers select a turn of user authentication to read, insert, refurbish and undo operations.

Adding a anxiety to Live SDK, using statements for Microsoft.Live and Windows.UI.Popups namespaces, and 23 lines of C# formula brings adult a Let This App Access Your Info? pop-up window. This form enables users to give or exclude app permissions to pointer a user in automatically and entrance a user’s name, gender, arrangement picture, contacts and friends. If a user accepts access, a logon summary opens.

Server-side scripts capacitate users to pass certification to a Live ID behind finish for authorization. A book editor lets developers simply supplement a JavaScript item.userId = user.userID matter to a default request.execute duty for insert, update and delete functions (see Figure 3).

Figure 3. Server-side book editors facilitate a further of a singular line of formula to pass userId values for authorisation of operations on a TodoItem table.

Finally, supplement a JavaScript query.where({ userId: user.userId }); matter to a read duty to lapse usually equipment for a logged-on user.

Delivering pull notifications

WAMS and a LiveID SDK also capacitate inclination to push a presentation to a user on inserting a new row in a TodoItems table. My blog entrance describes how to supplement a Windows.Networking.PushNotifications; as good as a matter and formula to announce and broach a value to a public immobile CurrentChannel non-static to a customer code. Steps 1-4 and 1-5 supplement a new DataMember skill named channel and formula to a ButtonSave_Click eventuality handler for a sum of 8 lines of C# code. Then, we use a Management Portal to register a app’s Security ID (SID) in a Push form as one of a Windows Application Credentials (see Figure 4).

Figure 4. Mobile Services needs a Client Secret and Package SID values to brand a customer that requests entrance to a database tables.

Finally, a app needs a Channel list to store a channel URIs used to send pull notifications alone from TodoItems. You can also supplement 17 additional lines of C# formula (for an app sum of 25) and 10 lines of JavaScript Insert() duty formula to finish a pull notifications underline (see Figure 5).

Figure 5. The final pull notifications exam competence uncover mixed presentation tiles for one or some-more TodoItems entry.

Registering an app with a Windows Store

Microsoft is dynamic to make a Windows Store rival with Apple’s App Store, hopefully but a draconian vetting process, as good as with Google Play. My blog post covers how we dressed adult a Oakleaf ToDo app’s UI with tradition bitmap files of varying sizes (see Figures 6 and 7). we also fact a entire acquiescence process to a Windows Store.

Figure 6. This is a customary 150 x 150 px trademark tile; a far-reaching trademark is a 300 x 150 px tile.

Figure 7. App searches and notifications use a 50 x 50 px trademark tile.

The Windows Store was a solitary means of deploying apps that launch from start page tiles when Windows 8 became generally available. I’ve submitted an updated chronicle of a OakLeaf ToDo app for Windows Store registration. If it passes muster, we should be means to find it with a hunt on OakLeaf in early November. The registration reserve grew extensive in late Oct since of app developers’ rush to accommodate a scheduled RTM of Windows 8 in late Oct 2012.

Roger Jennings is a data-oriented .NET developer and writer, a Windows Azure MVP, principal consultant during OakLeaf Systems and curator of a OakLeaf Systems blog. He’s also a author of some-more than 30 books on a Windows Azure Platform, Microsoft handling systems (Windows NT and 2000 Server), databases (SQL Azure, SQL Server and Access), .NET information access, Web services and InfoPath 2003. His books have some-more than 1.25 million English copies in imitation and have been translated into some-more than 20 languages.

This was initial published in Oct 2012

Article source:

Apple Programs High On Cyber Security Vulnerability List For First Time …

Friday, November 2nd, 2012

Popular Apple programs iTunes and QuickTime are being used by malware formula writers to penetrate into resource platforms and potentially take data, Russian-based cybersecurity organisation Kaspersky Lab pronounced Friday.

In their third entertain IT Threat Evolution report, Kaspersky Lab analyst Yury Namestnikov said that those dual Apple programs seemed on a tip 10 list of many exposed programs for a initial time, violence out Microsoft products.

The iTunes vulnerabilities were speckled by Kaspersky on the Mac OS X v10.5 and later, Windows 7, Vista, and Windows XP SP2.  A Kaspersky Lab press officer pronounced QuickTime exploits were found on Windows 7, Vista and Windows XP SP2 or later. But for Mac OSX users, a vulnerabilities possibly didn’t impact their computers or were addressed by confidence updates.

All told, Kaspersky Lab pronounced that a sum of 30,749,066 exposed programs and files were rescued on computers regulating a Kaspersky Security Network (KSN), with an normal of 8 opposite vulnerabilities rescued on any influenced computer.

The dual many frequently exploited vulnerabilities — where malware initial entered a resource height — were by Oracle‘s dual Java versions, accounting for 35% and 21.70% of influenced computers respectively. Java vulnerabilities were used in 56 percent of all cyber attacks. According to Oracle, opposite versions of Java are commissioned on over 1.1 billion computers. Because updates for Java program are commissioned on direct rather than automatically, there is a longer shelf-life for vulnerabilities. Java vulnerabilities continue to be a favorite of cyber criminals, Namestnikov said, since Java exploits are easy to use underneath any Windows. And with some additional work by worldly malware formula writers, cross-platform exploits can simply be combined regulating botnets like Flashfake.

After Java, Adobe’s Flash, Reader/Acrobat, and Acrobat were a number’s 3 4 and 5 spot.

Apple’s QuickTime and iTunes came in during sixth and seventh place, with vulnerabilities display adult on 13.8 percent and 11.7 percent of computers respectively.

Microsoft did not seem on a Top 10 vulnerabilities list for a initial time ever, essentially since a involuntary updates resource in new versions of Windows has been good developed.

Users on both systems should check Apple’s Security Update page to safeguard iTunes and QuickTime are updated with a latest confidence walls, a Kaspersky Lab orator in Massachusetts pronounced Friday.

Article source:

Insight: Crunching a numbers to boost contingency opposite cancer

Thursday, November 1st, 2012

Thu Nov 1, 2012 11:15am EDT

FRANKFURT (Reuters) – Software engineers are relocating to a front in a fight on cancer, conceptualizing programmes that differentiate genetic sequencing information during lightning speed and minimal cost to brand patterns in tumors that could lead to a subsequent medical breakthrough.

Their investigate aims to pinpoint a mutations in a genetic formula that expostulate cancers as opposite as breast, ovarian and bowel. The some-more accurate their work is, a improved a possibility of building an effective new drug.

Ever given James Watson and Francis Crick detected a structure of DNA in 1953, scientists have been obscure over how genes make us who we are. The connection of computing and medicine is accelerating a gait of genetic research.

But creation clarity of a swathes of information has spin a logjam.

That, in spin has combined an event for mechanism geeks and tech firms such as Microsoft, SAP and Amazon.

Oncology is a largest area of therapy in a tellurian drugs marketplace with marketplace researcher IMS presaging it will boost to $83-$88 billion by 2016 from $62 billion in 2011. Computational genomics – regulating computers to interpret a person’s genetic instructions and a mutations in carcenogenic cells – is rising as a motorist of this growth.

Life Technologies Corp and Illumina Inc are among firms building apparatus that can remove a person’s whole genetic formula – their genome – from a dungeon sample.

The newest machines are about a distance of an bureau printer and can method a genome in a day, compared with 6 to 8 weeks a few years ago. They can review a 3.2 billion chemical “bases” that make adult a tellurian genetic formula for $1,000, compared with $100,000 dollars in 2008.

Growing numbers of program engineers are indispensable to assistance make clarity of all this data.

“Many labs can now beget a information though fewer people or labs have a imagination and infrastructure to investigate it – this is apropos a bottleneck,” pronounced Gad Getz, who heads a Cancer Genome Analysis organisation during a Broad Institute in Boston, jointly run by MIT and Harvard.

Getz is one of a new era of computational biologists who rise algorithms to parse information from tens of thousands of dungeon samples, common with investigate institutes around a globe.

He and his group of 30 are perplexing to settle repeated patterns in a mutations and how they are related to enlargement growth. They are regulating some 1,200 estimate units, any with 4-8 gigabytes of pointless entrance memory – about a computing energy that comes with many desktop PCs.


Eli Lilly CEO John Lechleiter sees intensity for progress.

“We are starting to collect a believe that we gained by a sequencing of a tellurian genome, a bargain of tellurian genetics, illness pathways. We’ve got new collection that we can use in a laboratory to assistance us get to an answer much, most faster,” pronounced Lechleiter, whose organisation is co-owner of a rights to bowel cancer drug Erbitux.

Approved drugs that take genetic information into comment embody Amgen’s Vectibix and AstraZeneca’s Iressa. But both these drugs get from a singular mutation. Sequencing has laid unclothed many some-more mutant genes – mostly hundreds in any given enlargement – and highlighted a need for a subtler proceed to cancer treatment.

Roche, a world’s largest builder of cancer medicines, has spent several million euros on information record for a commander intrigue examining how cancer cells in petri dishes conflict to new drugs. The intrigue involves crunching hundreds of terabytes of gene sequences.

“It’s a initial large-scale in-house sequencing plan for Roche and we design some-more to follow in a nearby future,” pronounced Bryn Roberts, Roche’s conduct of informatics in drug investigate and early development.

Roberts pronounced a project, that uses estimate energy homogeneous to hundreds of high-end desktop PCs, was self contained though there were skeleton to pull in outmost data. This would need advances in cloud computing – regulating program and computing energy from remote information centers – though Roberts pronounced a record would shortly be available.

“The scale of a problem means a resolution will be on an general collaborative scale,” he said.


The trend of regulating cloud computing networks to concede blurb and open researchers to share cancer information is earnest for a likes of IBM and Google that according to GBI Research are already determined providers of cloud computing to drug makers’ investigate efforts.

Amazon, with a cloud computing section AWS, pronounced it is benefiting as life scholarship researchers rethink how information is stored, analyzed and shared. “We are happy with a enlargement we are seeing,” a orator said, disappearing to yield figures.

Microsoft pronounced it was dedicating “significant resources” to a enlargement of cloud computing in a health and life sciences markets.

“Pharma RD will be operative with other record companies, like Microsoft, in building new algorithms, methodologies and indeed even therapies themselves,” pronounced Les Jordan, arch record strategist during Microsoft’s Life Sciences unit.

The world’s largest business program association SAP has teamed adult with German genetic contrast dilettante Qiagen. They are modifying SAP database program so that certain cancer evidence tests, that now keep a network of super computers bustling for days, can be run on a desktop PC within hours.

Genetic investigate has suggested that forms of cancer, now treated as one since they are in a same organ and demeanour a same underneath a microscope, are driven by opposite genetics.

Hans Lehrach during a Max Planck Institute for Molecular Genetics in Berlin says any singular enlargement should be seen as an “orphan disease”, regulating a tenure for singular illnesses that typically prompt drug regulators to make drug capitulation easier.

He has designed a program he describes as a practical patient. It suggests a drug or a brew of drugs formed on any tumor’s genetic fingerprint. A singular box can take several days to be processed.

Lehrach, a geneticist who says he has created program formula via his systematic career, likens his proceed to that of a meteorologist who regards any day’s set of readings as unique.

Taking a analogy further, he says a gathering of stratifying cancer patients is homogeneous to a continue foresee formed on elementary manners such as ‘red sky in a morning, soldier take warning’.

At a section of Berlin’s Charite university hospital, 20 patients left with no other diagnosis options for their assertive form of skin cancer are being diagnosed formed on Lehrach’s mechanism model.

The hearing is exploratory and there are no formula nonetheless on a altogether diagnosis success, though a project, like many others, is driven by a wish that cancer can be wrestled down by perfect computing power.

(Additional stating by Stephanie Nebehay; modifying by Janet McBride)

Article source:

Researcher to denote feature-rich malware that works as a browser …

Thursday, October 25th, 2012

IDG News Service – Security researcher Zoltan Balazs has grown a remote-controlled square of malware that functions as a browser prolongation and is able of modifying Web pages, downloading and executing files, hijacking accounts, bypassing two-factor authentication confidence facilities enforced by some websites, and most more.

Balazs, who works as an IT confidence consultant for veteran services organisation Deloitte in Hungary, combined a proof-of-concept malware in sequence to lift recognition about a confidence risks compared with browser extensions and as a call to a antivirus attention to take this form of hazard some-more seriously.

The researcher skeleton to recover a malware’s source formula on GitHub during a display during a Hacker Halted confidence discussion in Miami subsequent Tuesday, after carrying common a formula in allege with antivirus vendors.

There are famous cases of cybercriminals regulating antagonistic browser extensions. For example, in May, a Wikimedia Foundation issued an alert about a Google Chrome prolongation that was inserting brute ads into Wikipedia pages.

So far, cybercriminals have essentially used antagonistic browser extensions to perform click rascal by inserting brute advertisements into websites or hijacking hunt queries. However, Balazs’ plan demonstrates that this form of malware could be used to launch distant some-more critical attacks.

The researcher combined versions of his proof-of-concept prolongation for Firefox, Chrome and Safari. A chronicle for Internet Explorer competence also be grown in a future, Balazs pronounced on Wednesday.

The prolongation can be used to take event cookies and even by-pass two-factor authentication systems like a one implemented by Google, a researcher said. This would concede enemy to take accounts on opposite websites.

The Firefox chronicle can also: take passwords from a browser’s built-in cue manager; download and govern files (only on Windows); cgange a calm of Web pages in a same approach that banking Trojans cgange online banking websites to censor brute transaction records; take shade shots by a computer’s webcam by accessing a Flash focus hosted on a Web page; act as an HTTP substitute that allows an assailant to promulgate with a server on a victim’s inner network, and more.

The prolongation also works in Firefox for Android, where it loses some functionality since of a handling system’s restrictions though gains some other capabilities like a ability to establish a device’s geographical coordinates, Balazs said.

The Chrome chronicle of a prolongation can't be used to download, upload or govern files during a moment. “There are ways to do this, though we didn’t have time to exercise them yet,” Balazs said.

However, Chrome’s support for Native Client (NaCl), a sandboxing record that allows Web applications to run C or C++ formula inside a browser, can be leveraged by a Chrome prolongation to well moment cue hashes.

Article source:

New formula of control in marketing

Sunday, October 14th, 2012

Quick Response (QR) codes take a judgment of barcodes to a subsequent level

Over a past few decades, we’ve focussed a energies on migrating information from a earthy universe on pen-and-paper into digital formats. In a process, we’ve combined vast information troves on a Internet regulating computers to be means to organize and store all a information we have. And computers have merely been assisting us routine this information.

But a destiny is in a converse: where computers start to observe, cushion and news a earthy world.

Of course, computers don’t correlate with a earthy universe like us; so we emanate collection that concede computers to do so. Take, for instance, barcodes. Here, straight lines are scanned regulating a skinny lamp of light (usually laser), and this allows a mechanism to brand a book or a product though carrying to feed this information into a computing system. We see this during counters during grocery stores, supermarkets and libraries. The destiny of a Web will be rather identical though distant some-more sophisticated, wherein computers will brand a earthy universe by looking during it, many like we do: with ‘digital eyes’ regulating semiconductor-based cameras.

QR codes

Original barcodes contain patterns done of together lines varying in width, conveying a method of ones and zeroes, that a mechanism can indicate to decode into a relating series or appreciate as any other applicable information. Using a dedicated scanning apparatus has been an fundamental problem of a barcode system. Today, with digital cameras apropos entire — webcams on desktops, laptops, phones and mobile computing inclination — we can simply write program that can modify a images of barcodes into a applicable information though carrying to indicate a formula regulating laser beam.

Quick Response codes, or QR codes, take a judgment of barcodes to a subsequent level.

QR codes are dual dimensional patterns, customarily of black modules on white background, that can reason a lot some-more information than required barcodes. Not only numbers, though names, Web URLs, or content element too can be encoded into these codes. Once encoded and a QR formula is generated, it can be printed on an promotion hoarding or a product, and a cues are prepared for computers to make clarity of. Decoding QR codes to collect this information requires a mechanism to observe a QR formula around a digital camera, program to decode this information and connectivity to fetch applicable information from a Internet.

How it works

QR codes are block images, with smaller black spots holding a binary information, in a demeanour straight lines communicate characters in barcode. Three squares on 3 corners of a QR formula and a smaller block off a fourth dilemma assistance a mechanism brand a course of QR code. Keeping these corners as reference, a rest of a information is processed regulating elementary picture estimate techniques to decode a binary settlement into a mobile number, name or URL. After decoding this information, a phone call if it is a number, or a hunt outcome from a Internet if it is a URL are instigated regulating program programmes.

In marketing

QR codes are all set to turn a subsequent large thing in marketing. For, if a couple to squeeze a product is shown on an announcement hoarding as QR code, a chances of converting a announcement into a sale is higher.

However, being an all-new technology, there is a training bend involved. Hence, building recognition on QR codes is critical before this can unequivocally locate on.

Another regard is security. There is a good possibility that QR codes of legitimate sites can be tampered to lead users into dangerous websites, or other confidence risks. These confidence risks have acquired a portmanteau tenure “attagging” (derived from conflict and tagging). Creating secure and singular QR codes will be another challenge.

Google Goggles

Most smartphone handling systems (iOS, Android, Symbian) support QR formula reading. Light and elementary program packages from their particular focus stores can be used to confederate with a on-board cameras to yield an additional bit of comprehension to a smartphones, creation them smarter!

The many renouned of such packages is Google Goggles. This app by Google is some-more than a QR formula reader: it is Google’s entrance in regulating images for search. When commissioned on smartphones, a phone handling complement attempts to brand a cinema that are being clicked by looking adult for a tags in pictures.

Identifying website logos, famous monuments are a facilities Google Goggles is able of. By embedding a QR formula in a poster, or a commodity, when a user scans a formula regulating a smartphone camera, a information is immediately suggested.

QR codes with assistance of collection like Google Goggles are assisting us in. closer to bridging a order between computers bargain a earthy world.

Article source: