• Samsung’s iPad mini rival, the Galaxy Note 8.0 tablet, revealed in leaked images



    While Samsung (005930) has had tremendous success over the past year with its Galaxy brand of smartphones, the company hasn’t been able to generate the same amount of buzz for its Galaxy tablet line just yet. But now SamMobile points us to the first leaked pictures of Samsung’s new Galaxy Note 8.0 that the company hopes will become its flagship tablet in 2013. The pictures, posted on Italian website DDAY, show an 8-inch white tablet that looks like a large Galaxy S III and features thicker side bezels than Apple’s (AAPL) recently released iPad mini.

    The pictures also show off the new tablet display’s 16:10 aspect ratio with a resolution of 1280 x 800 pixels, which packs more pixels per inch than the iPad mini display and its 1,024 x 768 resolution. We’ll get our first official glimpse of the Galaxy Note 8.0 when Samsung shows it off at Mobile World Congress next month.

  • Every day we read about an incredible number of successful attacks and data breaches that exploited a lack of authentication mechanisms in practically every sector. Critical control systems are often exposed online, protected only by a weak password, in many cases the factory default. Wrong behavior by the human component and the absence of input validation make many applications vulnerable to external attacks.

    Today we focus on a report published by the consulting firm Deloitte titled “Technology, Media & Telecommunications Predictions 2013”, which provides a series of technology predictions, including the outlook for subscription TV services and enterprise social networks. The document rightly expresses great concern about the improper use of passwords, which will continue in 2013 and be the cause of many problems. The value of the information protected by passwords continues to grow, attracting the ill-intentioned.

    The report focuses on the need to reconsider password management processes in the light of technological contexts that we will before Duncan Stewart, Director of TMT Research, declared: “Passwords containing at least eight characters, one number, mixed-case letters and non-alphanumeric symbols were once believed to be robust,” “But these can be easily cracked with the emergence of advanced hardware and software.”

    “Moving to longer passwords or to truly random passwords is unlikely to work, since people just won't use them,” Stewart said.

    “An eight character password chosen from all 94 characters available on a standard keyboard is one of 6.1 quadrillion (6,095,689,385,410,816) possible combinations. It would take about a year for a relatively fast 2011 desktop computer to try every variation. Even gaining access to a credit card would not be worth the computing time. However, a number of factors, related to human behavior and changes in technology, have combined to render the ‘strong’ password vulnerable.”

    Using a brute force attack, a dedicated password-cracking machine employing readily available virtualization software and high-powered graphics processing units can discover an 8-character password in only 5.5 hours. Such a machine costs about $30,000 today but, as the report explains, hackers could obtain the same computational capability from a huge botnet.

    Password length is not the researchers’ only concern; the human factor also exposes the password management process to serious risks. People do not remember long and complex credentials, so they tend to adopt passwords that are easy to remember and related to their life experience, and in many cases the same password is reused over time across different services, from an online movie store to a bank account. The average user has 26 password-protected accounts, but only five different passwords across those accounts. According to a recent study of six million actual user-generated passwords, the 10,000 most common passwords would have accessed 98.1 percent of all accounts, which gives an idea of how vulnerable the password management process is.

    “Once a hacker has a password, he or she can potentially have the keys to the cyber kingdom based on most consumers’ behavior.”

    Deloitte predicts that in 2013 more than 90% of user-generated passwords, even those considered strong by IT departments, will be vulnerable to hacking, with serious consequences: the company predicts billions of dollars of losses, declining confidence in Internet transactions and significant damage to the reputations of the companies that fall victim to attacks.

    The report states:
    “How do passwords get hacked? The problem is not that a hacker discovers a username, goes to a login page and attempts to guess the password. That wouldn’t work: most web sites freeze an account after a limited number of unsuccessful attempts, not nearly enough to guess even the weakest password. Most organizations keep usernames and passwords in a master file. That file is hashed: a piece of software encrypts both the username and password together. Nobody in the organization can see a password in its unencrypted form. When there is an attempt to log in, the web site hashes the login attempt in real time and determines if the hashed result matches the one stored in the database for that username. So far, so secure. However, master files are often stolen or leaked. A hashed file is not immediately useful to a hacker, but various kinds of software and hardware, discussed in this Prediction, can decrypt the master file and at least some of the usernames and passwords. Decrypted files are then sold, shared or exploited by hackers.”

    As described, another problem is related to the use of passwords on various platforms. The average user takes 4-5 seconds to type a strong ten-character password on a PC keyboard; the time increases to 7-10 seconds on a mobile device with a keyboard and to 7-30 seconds on touchscreen devices. As a consequence, a quarter of the people surveyed admitted to using less secure passwords on mobile devices to save time.

    SplashData, which develops password management applications, has released its annual “25 Worst Passwords of the Year” list, enumerating the passwords most commonly chosen by users.

    The three worst passwords haven’t changed from the previous year: they’re “password”, “123456” and “12345678”. New passwords have entered the list, such as “welcome”, “jesus” and “ninja”.

    The top ten list follows:

        1. password (unchanged)
        2. 123456 (unchanged)
        3. 12345678 (unchanged)
        4. abc123 (up 1)
        5. qwerty (down 1)
        6. monkey (unchanged)
        7. letmein (up 1)
        8. dragon (up 2)
        9. 111111 (up 3)
        10. baseball (up 1)

    Have you ever used one of the most popular passwords of 2012 for your own personal accounts? Change it!

    What could improve password management? SSO systems are a good solution: they make it simple to use long or random passwords while respecting the elementary best practices for password management. The SSO system itself must also be protected from hacking attacks.

    Token-based multifactor authentication (both software and hardware tokens) represents the best compromise between cost and security, and it is the direction IT security will take in the future.
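
The report's description of hashed master files and the top-ten list above point to two server-side controls, shown here as an added example that is not from the Deloitte report or SplashData: reject the listed passwords at registration, and store the rest with a per-user salt and a memory-hard hash (scrypt). The function names, the minimum length and the scrypt parameters are assumptions chosen for the example.

```python
import hashlib
import hmac
import os

# Top ten entries from the SplashData list quoted in the article.
COMMON_PASSWORDS = frozenset({
    "password", "123456", "12345678", "abc123", "qwerty",
    "monkey", "letmein", "dragon", "111111", "baseball",
})

MIN_LENGTH = 8  # assumed policy minimum, not a figure from the report
# Assumed scrypt cost parameters; tune them to the hardware that runs logins.
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2**14, 8, 1, 32


def is_acceptable(password):
    """Reject short passwords and any case variant of a listed password."""
    if len(password) < MIN_LENGTH:
        return False
    return password.strip().lower() not in COMMON_PASSWORDS


def hash_password(password, salt=None):
    """Return (salt, key). A fresh random salt is drawn for each new record."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)
    return salt, key


def register(store, username, password):
    """Add a record to the in-memory 'master file' if the password passes."""
    if not is_acceptable(password):
        return False
    store[username] = hash_password(password)
    return True


def login(store, username, password):
    """Re-derive the key with the stored salt and compare in constant time."""
    record = store.get(username)
    if record is None:
        return False
    salt, expected = record
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    users = {}  # constructed sample data
    print(register(users, "alice", "Password"))            # listed password
    print(register(users, "alice", "correct horse battery"))
    print(register(users, "bob", "correct horse battery"))
    # Same password, different salts: the stored keys differ, so one cracked
    # record does not reveal the other in a leaked file.
    print(users["alice"][1] != users["bob"][1])
    print(login(users, "alice", "correct horse battery"))
```
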
  • The year starts badly for the Oracle Java platform: a new Java 0-day vulnerability has been discovered, and the worldwide security community is very concerned about the potential effect of the bug. We have seen how dangerous the exploitation of a zero-day vulnerability can be, especially against institutional targets and governments (e.g. the Elderwood project); state-sponsored hackers could use it for dangerous cyber incursions.
    The vulnerability allows a hacker to take control of victims’ machines: Java 7 Update 10 and earlier versions contain a vulnerability that can allow a remote attacker to execute arbitrary code on a user’s PC. The “Malware Don’t Need Coffee” blog posted an interesting article titled “0 day 1.7u10 (CVE-2013-0422) spotted in the Wild – Disable Java Plugin NOW !”. The title gives an idea of the high impact of the news and of the risky consequences for millions of users unaware of the problem.
    The news has also been confirmed by security experts at AlienVault Labs, who posted the following declaration on their web site:
    “The Java file is highly obfuscated but based on the quick analysis we did the exploit is probably bypassing certain security checks tricking the permissions of certain Java classes as we saw in CVE-2012-4681. Right now the only way to protect your machine against this exploit is disabling the Java browser plugin.”
    Unfortunately, exploits for the vulnerability are already available in the underground: the popular exploit packs BlackHole Exploit Kit and Nuclear Pack Kit already include the needed code. It is easy to predict that a specific module for the Metasploit framework will soon be available as well. ‘Paunch’, the creator of Blackhole, announced that the Java zero-day was a ‘New Year’s Gift’ to the clients that buy his exploit kit.

    The Hacker News magazine reports:
    “This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits.” This exploit is already available in two Exploit Packs, that is available for $700 a quarter or $1,500 for a year. Similar tactics were used in CVE-2012-4681, which was discovered last August. Source of this new Exploit available to download Here.”
    How does the exploit work?

    The Blackhole kit is installed on a compromised website and exploits vulnerabilities in users’ browsers to inject malicious code into a victim’s machine when the victim visits the site.

    Just yesterday the U.S. Department of Homeland Security invited users to disable Oracle Java software because of the possible effects of exploitation of the still-unfixed vulnerability.
    “We are currently unaware of a practical solution to this problem,” the Department of Homeland Security’s Computer Emergency Readiness Team announced in a post on its website published this week.
    “This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered,” “To defend against this and future Java vulnerabilities, disable Java in Web browsers.”
    Let’s see how long it takes Oracle to release a patch!


    Oracle says it has repaired a security flaw in its Java software that inspired a rare call from the Department of Homeland Security, advising consumers to disable the software entirely.

    On Sunday afternoon, Oracle released a patch for the critical vulnerability, which could be exploited to install and execute malicious code on unguarded systems. And not a moment too soon. By the end of last week, security researchers had already spotted malware designed to exploit it in the wild. Some theorized the flaw potentially put more than 850 million PCs at risk.
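
To find machines still running a release the article names as vulnerable, the added example below (not from Oracle, US-CERT or the blogs quoted) parses `java -version` banners and flags Java 7 Update 10 and earlier. The host names and banners are constructed, and treating only the Java 7 family as in scope is an assumption based on the article's wording.

```python
import re

# Legacy version token printed by `java -version`, e.g. java version "1.7.0_10".
# Group 1 is the major release (7); group 2 is the update number, if present.
_VERSION_RE = re.compile(r'"1\.(\d+)\.0(?:_(\d+))?[^"]*"')

# "Java 7 Update 10 and earlier", as stated in the article.
FLAGGED_MAJOR = 7
LAST_FLAGGED_UPDATE = 10


def parse_java_version(banner):
    """Return (major, update) from a `java -version` banner, or None."""
    match = _VERSION_RE.search(banner)
    if match is None:
        return None
    # A GA release such as "1.7.0" carries no update suffix: treat it as 0.
    return int(match.group(1)), int(match.group(2) or 0)


def is_flagged(banner):
    """True or False for a readable banner, None when no version is found."""
    parsed = parse_java_version(banner)
    if parsed is None:
        return None
    major, update = parsed
    return major == FLAGGED_MAJOR and update <= LAST_FLAGGED_UPDATE


def triage(inventory):
    """Sort hosts into flagged / not_flagged / unknown by their banner."""
    buckets = {"flagged": [], "not_flagged": [], "unknown": []}
    for host, banner in sorted(inventory.items()):
        verdict = is_flagged(banner)
        if verdict is None:
            buckets["unknown"].append(host)   # follow up manually
        elif verdict:
            buckets["flagged"].append(host)
        else:
            buckets["not_flagged"].append(host)
    return buckets


# Constructed sample inventory: host name -> captured `java -version` output.
SAMPLE_INVENTORY = {
    "ws-01": 'java version "1.7.0_10"\n'
             'Java(TM) SE Runtime Environment (build 1.7.0_10-b18)',
    "ws-02": 'java version "1.7.0"',
    "ws-03": 'java version "1.7.0_11"',
    "ws-04": 'java version "1.6.0_38"',
    "ws-05": "java: command not found",
    "ws-06": 'java version "1.7.0_09-ea"',
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(bucket, hosts)
```

A host in `not_flagged` only means its version string falls outside the range the article gives; whether the browser plugin is enabled has to be checked separately.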

  • A global survey of the business benefits of 4G LTE has revealed improvements to mobile working and increased innovation as advantages of the superfast broadband network standard.

    The 4G Long Term Evolution (LTE) standard for the wireless communication of high-speed data is already used by businesses in countries such as the US and Germany.

    Mobile telecoms provider EE has now launched 4G LTE services in 11 UK cities, while in Nigeria, Airtel and Globacom are running their 4G LTE trials.

    EE has made 4G available in Bristol, Birmingham, Cardiff, Edinburgh, Glasgow, Leeds, Liverpool, London, Manchester, Sheffield and Southampton. Other cities will be added before the end of the year.

    In conjunction with the launch, EE released the findings of a survey of the business benefits of 4G LTE.
    EE's findings reveal three-quarters of US businesses are increasing innovation through 4G LTE and 86% of US firms believe more work is done by employees on the move. Similar benefits were found in Germany, Sweden and Japan.

    The study, carried out by consulting firm Arthur D. Little, is based on 14 in-depth interviews with 4G LTE-enabled businesses worldwide and responses from over 1,200 business decision makers.


    Innovation through 4G LTE

    Other findings from EE's 4G LTE survey

    • A firm combined 4G with head-mounted cameras allowing fieldworkers to stream video to experts back at base;
    • Another business installed CCTV cameras in record time by using 4G, instead of digging up the road to install a fixed line connection, saving time and money;
    • A US haulage company said trucks literally became offices through 4G as employees no longer needed to return to base;
    • A law firm said that if staff forget a crucial file or need it unexpectedly, they can access it instantly from court, rather than race 10 miles back to the office;
    • 4G has helped US organisations to slash print costs as documents can be easily transferred between devices instead of being printed; 
    • A US-based construction company uses 4G to send vast quantities of critical data in the field back to base in real-time.

    Businesses using 4G LTE can introduce products and services more quickly than rivals who do not use the technology.

    The report gives two examples. A German car manufacturer is creating 4G-enabled cars when it releases the LTE Car Hotspot, a USB adaptor giving passengers access to superfast internet.

    A US construction company uses 4G to send vast quantities of critical data in the field back to base in real-time. It has used one application over 4G to reduce project completion times by as much as 30% and saves $1,000 a day.


    4G LTE increases mobile productivity

    Mobile employees can browse the internet faster than before, access files in the cloud more quickly and communicate with colleagues and customers using high-quality video conference calls on the move. The report found 40% of businesses said sales teams can complete deals in the field.

    A hospital in Germany is piloting 4G communications as a way to increase stroke survival rates. High data transfer speeds of 4G are essential for medical images to be sent from ambulances at the scene to the hospital.


    Cutting costs with 4G LTE network communications

    Almost half (47%) of businesses said 4G had saved their company money. The report revealed a small business in Los Angeles saved £62,000. This was achieved by introducing 4G devices and hot-desking, which led to reduced office space required; less employee time wasted; and lower print costs, with documents easily transferred between devices.

    The survey revealed that 74% of UK businesses are planning to use 4G.

    Joseph Place at Arthur D. Little said businesses are using 4G LTE to bring a more fundamental level of mobility to their organisations. “For example, 4G can be used to set up a fully connected office almost anywhere, dramatically increasing agility and responsiveness. We also expect to see innovative 4G-specific products emerging, for instance in the mHealth arena. We’re positive that Nigerian businesses and other countries will begin to see such benefits as they roll out 4G in 2013 and beyond.”

  • Since the release of Windows 8, a lot of stories have been going around about the good and bad of the new Microsoft OS.

    Many have wanted to try their hands on it, but couldn't afford to buy the new hardware systems preinstalled with the latest Windows 8.

    So, in this article, I’ll be showing you how to prepare and configure your Windows 7 system to dual-boot Windows 8 from a DVD. While I’ll be using the Windows 8 Release Preview for this article, the procedure is very similar with the actual release version.



    For this article, I’m going to assume that you have already visited the Windows 8 Release Preview site and followed Microsoft’s instructions for downloading and converting the ISO file to a DVD in Windows 7. If you haven’t, you should do so before you get started with this article. The process is pretty straightforward and Microsoft has documented the steps you need to follow.


    Creating a System Image

    The first thing that you’ll want to do is create a System Image from within Windows 7’s Backup and Restore. When you do, you’ll end up with a complete image of your hard disk. That way, if anything out of the ordinary were to occur as you follow the steps for creating a dual-boot system, you will be able to return to your current configuration. Furthermore, I recommend that you also create a separate backup of your data. Maybe just make copies of all your data files on CD/DVD or on an external hard disk. While it may sound like overkill, having an extra backup will give you peace of mind.

    To create a system image, you’ll need to have a CD-RW/DVD-RW drive, an external hard disk, or access to a network drive. To access Backup and Restore, click the Start button, type Backup in the Search box, and press [Enter] when Backup and Restore appears in the result pane.
    Once you have Backup and Restore up, select the Create a System Image option and choose your backup location. As you can see in Figure A, I used a DVD-RW drive on my system.


    Figure A

    On my test system, I’ll use DVDs to create my system image.

    As you can see in Figure B, on my test system all the partitions on the drive are selected by default. To initiate the operation, just click Start backup. On my test system with a 500GB hard disk, it took over an hour and required eight DVDs.

    Figure B

    Creating a System Image on DVDs takes a little while.

    When the System Image is complete, you’ll be prompted to create a System Repair disc, as shown in Figure C. This is the disc that you will use to boot your system and restore your system image in the event that you need it.

    Figure C

    When the System Image is complete, you’ll be prompted to create a System Repair disc.


     Setting up a partition

    With your System Image discs safely tucked away, you’ll use the Disk Management tool to make room on your hard disk for Windows 8. To launch Disk Management, click the Start button, type Disk Management in the Search box, and press [Enter] when Create and format hard disk partitions appears in the result pane. When Disk Management launches, locate the operating system partition of the drive, right click, and select the Shrink Volume command. As you can see in Figure D, on my example system, there is a 100MB system partition and a 17GB HP Recovery partition in addition to the 450GB OS, or operating system, partition.

    Figure D

    Right click on the operating system partition of the drive and select the Shrink Volume command.

    For my Windows 8 partition, I set aside 50GB by entering 51200 as the amount of space to shrink the existing volume, as shown in Figure E. Once you’ve specified the size, click the Shrink button. It will take several minutes to shrink the partition. When the operation is complete, you’ll see the new space at the end of the partition and notice that it is marked as Unallocated. In order to install Windows 8 without any problems, you should convert this unallocated space into a volume with a drive letter. To do so you’ll launch the New Simple Volume Wizard.


    Figure E

    To set up a 50GB partition, I entered 51200 as the amount of space to shrink the existing volume.
    To continue, right click the new partition and select the New Simple Volume command, as shown in Figure F. When you do, the New Simple Volume Wizard will launch.

    Figure F

    To launch the wizard, right click the new partition and select the New Simple Volume command.
    The New Simple Volume Wizard consists of five screens - the first and the fifth are shown in Figure G. As you progress through the wizard, you’ll be prompted to specify the size, assign a drive letter, choose a file system, enter a name for the volume, and choose how to format the drive. For everything but the volume name, you should just go with the defaults. As you can see, I specifically named the volume Windows 8 to prevent any ambiguity in later steps. Since the partition was created from your existing partition, you can just go with the Quick format option.

    Figure G

    The New Simple Volume Wizard consists of five screens.
    When you’re finished, you’ll see the new partition in Disk Management. Figure H shows the new 50GB partition with the volume name, assigned to drive F, and marked as a Logical Drive.


    Figure H

    The 50 GB partition is now ready for the Windows 8 installation.


    Installing Windows 8

    Now that you have your partition established and assigned a drive letter, installing Windows 8 in a dual-boot configuration should be a pretty straightforward operation. Let’s take a closer look.
    To begin, insert the Windows 8 Release Preview DVD and reboot your system. After a few minutes, you’ll see the Windows Setup screen shown in Figure I and you will specify your language settings before clicking Next.

    Figure I

    The first step in the installation is to specify your language settings.
    Once the initial steps are taken care of, you’ll see the Windows Setup screen shown in Figure J and will click the Install Now button.


    Figure J

    To get started, just click the Install Now button.
    You’ll then see a Windows Setup screen shown in Figure K and will need to make sure that you select the Custom option.


    Figure K

    Make sure that you select the Custom Install Windows only option.

    At this point, Windows Setup will prompt you to choose the location to which you want to install Windows 8. As you can see in Figure L, on my test system it is showing all available partitions and I have selected the new volume labeled Windows 8 and assigned drive letter F.


    Figure L

    On my test system, I have selected the new volume labeled Windows 8 and assigned drive letter F.
    After selecting the new partition on which to install Windows 8 and clicking Next, the installation will begin, as shown in Figure M. This part of the operation will take a while so go get yourself a cup of coffee.


    Figure M

    As soon as you click Next, Windows Setup will begin copying files to the new partition.


    Dual-booting Windows 7/Windows 8

    When the installation is complete, Windows Setup will reboot your system one final time and you will then see the new Windows 8 style dual boot screen shown in Figure N. As you can see, Windows 8 will automatically launch in 30 seconds if you don’t choose Windows 7.


    Figure N

    The new Windows 8 style boot screen displays for 30 seconds before launching Windows 8.
    If you want to alter the amount of time before Windows 8 will run, you can click the Change defaults or choose other options at the bottom of the screen. There are actually a multitude of options that you can change and I’ll cover all of them in a future article.


    What’s your take?

    Will you configure a Windows 7/Windows 8 dual boot system?