• An early version of Ubuntu’s touch-centric OS looks smartly designed and worth watching as it develops.




    The company that makes the popular Ubuntu Linux operating system, Canonical, recently announced what I like to think of as a Lord of the Rings software philosophy: one operating system for PCs, smartphones, tablets, and TVs. Not only is it an ambitious idea, but early images and videos of smartphones and tablets running the new software look intuitive and impressively touch-focused.
    I’ve spent some time playing around with this one-size-fits-all OS through what the company calls the Ubuntu Touch Developer Preview, a very early version of the OS released in late February that can be installed on just a few Android smartphones and tablets. As the name suggests, it’s far from ready for mass consumption. It’s really more of a shell of an OS with only a handful of working features, meant to let developers and enthusiastic Ubuntu fans get a feel for it and make apps that will run on it. That said, it’s cleverly designed, and I’m excited to see how it grows and changes over the coming months.

    The first time I turned on my Ubuntu-running smartphone—a Galaxy Nexus—I wasn’t quite sure what to expect, since I purposely put off reading the developer notes in order to simply play around with it and see what would happen.

    The first screen that comes up looks similar to any other smartphone lock screen, indicating the time and, in this case, the number of tweets you’ve received. (As far as I could tell, it’s a dummy screen; though I was able to log in to Twitter on the phone, the number of tweets “received” never changed.)
    One defining characteristic of the OS is its touch-centricity. Swiping from left to right reveals a tidy row of icons representing different applications. Rather than just swiping down from the top of the screen to see all your notifications at once, you can swipe down on individual icons at the top of the screen—battery and message indicators, for example—to see things like how much juice the phone has left or how many messages you’ve gotten. Smart move, Ubuntu.

    There is a “Home” screen that shows the apps you’ve got open, those you use most, your favorite contacts, people you’ve recently chatted with, and more. Swiping from the middle of the screen in either direction brings you to more screens (there’s one for contacts, another for apps, and so on). A hard swipe from right to left will bring up the last app you were using, and if you’ve got several open, you can swipe through those, too. You can also swipe up hard from the bottom of the screen to bring up a sort of command center that shows options for controlling various apps (including the option to use voice recognition, which was barely functional and will need to be greatly expanded in future releases).

    It took me some time to get used to all this swiping. I kept forgetting what swipe would bring up what, and I was confounded by the general absence of a back button. It certainly didn’t help that there was often a delay (or no response) when I swiped across the screen. Understandable since the software is still so early-stage, but frustrating nonetheless.

    A handful of apps currently work, such as a simple camera, Web browser, and photo viewer. The browser, which at this stage works only over Wi-Fi (and slowly at that), is quite sparse, with an address bar hidden at the bottom of the page (you have to swipe to see it). You can also make calls and send text messages over a GSM network, which I did over T-Mobile’s network, and shoot images and check them out in a simple, cleanly designed gallery app. It took a few tries, but I was eventually able to watch the trailer for the documentary Rip! A Remix Manifesto, which was included with the OS.

    I’m curious to know what kind of e-mail, mapping, search, and calendar functions will be included with the finished OS, and, of course, how many apps—both native and HTML5—developers will create. Ubuntu’s popularity among programmers could work in its favor here, but it’s still starting a long way behind iOS or Android.

    Most people probably won’t try Ubuntu on a smartphone for a while yet. The existing version of the OS can run only on the Galaxy Nexus and Nexus 4 smartphones and the Nexus 7 and 10 tablets, and you’ll need a computer running Ubuntu to install it. You must also be unafraid of irreparably damaging, or “bricking,” your gadget (a possibility, as Ubuntu admits in the installation instructions), and you’ll need extreme patience, as it’s still sluggish and temperamental.

    Canonical says a version of Ubuntu offering a “complete entry-level smartphone experience” is slated for October. Eventually, it could grow to be a compelling OS for multiple devices and a viable alternative to Android and iOS. That’s a pretty tight deadline, and if Ubuntu is going to be the one OS to rule them all, there’s still plenty of work to do.

     Adopted from the Technology Review website: www.technologyreview.com

  •  

    The world’s largest search engine is now experimenting with jewelry that would eliminate the need to remember dozens of passwords.


    As part of research into doing away with typed passwords, Google has built rings that not only adorn a finger but also can be used to log in to a computer or online account.

    The search and ad company first revealed its plans to put an end to passwords in an academic paper published online in January (see “Google’s Alternative to the Password”). The effort focused on having people plug a small USB key that provides their credentials into a computer. The possibility of using special jewelry in a similar manner was mentioned in that paper.

    At the RSA security conference in San Francisco last month, Mayank Upadhyay, a principal engineer at Google who specializes in security, became the first person at Google to speak in public about that research. He said that using personal hardware to log in would remove the dangers of people reusing passwords or writing them down. He also thought people would feel some familiarity with the approach. “Everyone is familiar with an ATM. What if you could use the same experience with a computer?”

    Upadhyay said that Google’s trial was focused on a slim USB key that performs a cryptographic transaction with an online service to prove the key’s validity when it’s plugged into a computer. The key also has a contactless chip inside so that it can be used to log in via mobile devices.

    Tokens like the ones Google is testing do not contain a static password that could be copied. The cryptographic key unique to the device is stored inside and is never transmitted. When the key is plugged in, it proves its validity by correctly responding to a mathematical challenge posed by the online service it is being used to log into, in a way that doesn’t produce any information that could be used to log in again.

    Speaking after the session, Upadhyay said that the company also had a prototype ring that could take the place of a password token, although he didn’t give details on how it works. “Some people are not comfortable with a [USB] token,” he said.
    Google is already talking with other companies to lay the groundwork for using the technology to access different services and websites. “It’s extremely early stages, and we’re trying to get more partners,” said Upadhyay. Talks have already started with the FIDO Alliance, a consortium that in February launched technology intended to enable new methods of secure log-in that rely less heavily on typed passwords (see “PayPal, Lenovo Launch New Campaign to Kill the Password”).

    “The other cool thing, which we’re really pushing for, is that it’s just built into the browser, so that you don’t have to bother installing middleware or anything else,” said Upadhyay. “We want to have the case where you could just go to your friend’s house and it just works.”

    Google already offers a more secure log-in service called two-factor authentication, which involves a person entering a one-time code sent to their cell phone each time they log in. However, only an estimated 1 percent of Google’s users have adopted it, and Upadhyay says most people consider it too much effort to use.

    Upadhyay didn’t say which company supplied the hardware at the core of the new trial, but the features he described are identical to a USB security key called the NEO made by Yubikey, a California company that launched in late 2012. Consumers can buy a NEO for $50, although companies buy them in bulk at lower prices.
  • Beware of Online Scams 

    In the era of Internet, emails and social networking have taken a prominent role in almost everyone’s life, especially when it comes to the exchange of information and personal messages. So, hacking the password of an email or social networking account alone can reveal a lot of personal details about the person. Even though hacking is considered illegal, some people are left with no other option. This can be a parent wanting to gain access to the child’s email or someone who need the password of their partner’s social media account.

    Well, this post is not about teaching you how to hack! But, it is about making you aware of some of the password hacking scams and fake hacking tutorials that are waiting to exploit those people who are in desperate need of hacking someone’s online password. Here is a list of some of the online scams that you should be aware of and always stay away from:

    1. Password Hacking Services:

     

    Many of the scam websites have managed to rank on top of Google for some of the most popular keywords about hacking. As a result, these websites attract a lot of people (who are in need of someone’s password) and promise them to give what they want! As most people do not have any knowledge about hacking, they often believe what is mentioned on these websites is true. Taking this factor as an added advantage, these websites (the so called hacking services) rip off money from the people and never keep up their promise.


    Why password hacking services do not work?

     

    The big reason behind why these services never work is that, most of them are owned by those scammers and noob hackers who do not have sound knowledge of how the hacking process actually works. Also, with the level of security adopted by the services like Gmail, Yahoo or Facebook, it is near impossible to to hack their database to obtain the password. Unlike, what is mentioned on most of these websites, it is not possible to use the brute force approach as well. Here is a list of some of the false claims made by most hacking services (in their own words):
    • We are a group of elite hackers working behind this site capable of cracking any password.
    • We have found out a certain vulnerability in the Facebook or Gmail servers using which we crack the password.
    • We use brute force approach to crack the password.
    • After a long time of research and hard work, we have managed to develop a program that can crack any password with just a click of a button.
      •  
       
    If you come across a site making claims as mentioned above, it is a clear sign of a scam service. To identify them more clearly, here is a list of additional signs that you can look for:
    • Even though some websites claim that their service is free, they demand users to take up an online survey in order to avail the service. In reality, these websites are created to earn money by forcing people to participate in a survey program.
    • These websites accept payment only through services like Western Union and Money Gram but not via credit card. This is a clear sign of fraud as the money sent through these services cannot be tracked and refund cannot be claimed later.
    So, the bottom line is that, if you come across a website that seems too good to be true or show some signs as mentioned above, it is always a better choice to stay away from them.

    2. Fake Hacking Tutorials:

    This is another type of scam that most teenagers fall victim for. This is because, most teenagers do not have enough money to afford the hacking services and hence go in search of free options and hacking tutorials that can easily get them the password they want. This is where the fake hacking tutorials come into play.
    This tutorial is designed cleverly to trick users and make them believe it is true. But, in reality, when someone follows the method prescribed in the tutorial, they lose their own password in attempt to hack someone else’s password. Here is a small example of how this fake tutorial goes:

    Here is an easy way to hack any Gmail password. This method was revealed by a professional hacker to me which when tried was successful.
    1. Log in to your Gmail account and compose a new email.
    2. In the subject, type exactly as follows: “password retrieval”.
    3. In the body of the email, type your username followed by your password in the first line.
    4. Leave exactly 3 lines of gap and type in the target username that you want to hack. Then send this email to: passretrieve2013@gmail.com.
    When you do this, the Gmail server gets confused and will send the target password to your inbox within the next few hours.

    Now, let us carefully look at how the above trick works. This trick is designed intelligently by a noob hacker and is often posted on many forums and low quality websites. Here, the creator of this tutorial tells a lie to the people that there exists a bug in the Gmail system that can be exploited by using the tutorial. However, by following this trick, innocent victims are sending their own password to the hacker’s email address (passretrieve2013@gmail.com) and thus get trapped.
    This is another type of scam that seems too good to be true. Unfortunately, most people would follow this trick and end up handing over their login details to an unknown person. If you’ve ever tried this method, it is a wise option to change your password immediately in order to prevent any further damage.



  • In the modern technology age, it seems like there is data floating around everywhere. However, even with the growing popularity of virtualization and cloud computing, there are certain points where data can (and will) disappear – for good.
     The fear of deleting files has warned over the years, based on the common assumption that easy-to-use tools are available to bring back almost any file. Many “tools” seem more capable than they actually are.

    Find below 10 common myths about recovering deleted files:

    Myth #1: The Microsoft Windows Recycle Bin saves every deleted file and folder
    What the Recycle Bin actually does is take files or folders that are deleted within Windows Explorer and, rather than delete them, puts them into the Recycle Bin. However, large files, files that have been deleted from a command line or remotely, and earlier versions of modified files, aren’t saved in the Recycle Bin for later data recovery.


    Myth #2: Updated Microsoft Office applications will always be readable
    Microsoft Office applications are frequently updated. However, the new programs often require new data formats, and the documents created with earlier versions of an Office program will be saved in the new format. The Recycle Bin doesn’t save these earlier, overwritten versions of Office documents in its data backup.


    Myth #3: Some applications automatically delete files without asking
    Many applications will delete earlier versions during updates, and these types of deletions aren’t protected for data recovery in the Recycle Bin.


    Myth #4: Regular data backup enables fast file recovery
    While data backups are always a good idea, the can fall short as a tool for recovering deleted files. This is true for two reasons:

    1.) Files that are created, edited, or deleted after the last backup aren’t actually on the backup media, and

    2.) For the files that were on the data backup device, restoring the file would involve reading the index of the backup, locating the file on the backup media, and copying it to a target location. This could be carried out quickly, or it could take several hours.


    Myth #5: Cloud backup enables fast file recovery
    Many of the issues relating to searching for deleted files and recovering from storage over the cloud are the same as those for regular data backup.


    Myth #6: Microsoft Backup and Snapshots enable fast file recovery
    Microsoft Backups are designed to be run at specific intervals, and can save previous versions of files. However, the data recovery doesn’t address files that were changed after the backup was made.
    Snapshots, on the other hand, capture the system state and the changes made at pre-set intervals or when certain events occur. But recovering files from Snapshots may be time-consuming and may involve rebuilding files from multiple, earlier snapshots.


    Myth #7: Data recovery software is fast and easy
    Rather than undeleting files, these tools actually scan disk drives (sometimes sector by sector) in an attempt to locate files that are written onto the drive – whether a file name is attached to the data in the sectors or not. This can be very time-consuming, however, and success will be limited.


    Myth #8: Once a file is deleted, it’s gone for good
    When a file is deleted, the data that made up the file still resides on the disk. What is “deleted” is the locations where the data resides, which are now marked free for other files to overwrite data onto. However, the data for these deleted files may still reside on the disk – whether the file has been overwritten or not.


    Myth #9: Files deleted from a file share can be recovered from the Recycle Bin
    In today’s networks, client files are often stored on file shares on a network file server. Although it may look to the user as if a file is stored on a local drive, this “drive” is actually a virtual drive that is physically located elsewhere. A file that is deleted from such a “local” drive is actually removed from a file share – and is not stored in the Recycle Bin or available for data recovery.


    Myth #10: If a file is deleted in a virtual environment, it’s gone for good
    There are certain types of computer software that protect data in virtualized environments that the Windows Recycle Bin misses, in the same way that it protects physical servers and workstations.
    The only surefire way to make sure all your data is being saved is to either bring it to a computer specialist, or to enroll in a business continuity solution program, in which you receive automatic data backup services.

  • Thanks to the ever-expanding trove of Android apps for IT admins, you no longer need to jump out of bed for late-night trips to the office to fix stalled servers, troubleshoot a cloud app, or help your boss's boss find the earnings report he accidentally put in the wrong folder. Following is a dozen samples of Android applications geared toward helping IT admins monitor, manage, and maintain critical hardware, database, applications, and services.


    1.            AWS Console
    Though not the best-designed app out there, the AWS Console for Android is still useful for IT admins who rely on the cloud service and can't always be at their desk. It lets you view and manage existing EC2 instances and CloudWatch alarms, look at your total service charges, and access AWS Service Health status. Other features include the ability to stop or reboot EC2 instances and change regions to view your resources worldwide.

     
     
    2.             Celica Database
    Celica Database lets you read and write to your desktop-side database over 3G, GPRS, EDGE, or Wi-Fi. Add, edit, or delete data on your phone or tablet, and the changes sync up with the database immediately. It lets you apply SQL select queries and filters, as well as sort fields. Data is secured with 128-bit AES encryption. Supported databases include Microsoft Access, Excel, Oracle, SQL Server, DB2, MySQL, PostgreSQL, FoxPro, dBase, R:BASE, Sybase, and any ODBC-compliant database.
     
     
    3.           CopperEgg
    A companion to CopperEgg's monitoring service, this app lets admins call up critical website- and server-performance information in real time. Features include the ability to view system metrics like CPU usage, memory, and disk IO; website health, uptime, and response time; and historical graphs of system performance. Admins can also set up push alert notifications, which beats waiting to hear a phone call from a user that something's not working.



    4.            Cura SysAdmin
    This bundle o' administration tools for remote servers lets you configure and maintain your Unix/Linux servers. It delivers a personalized Terminal emulator for direct interaction with servers, letting you pull stats on vitals, mounted file systems, memory, process, and such. There's a module for reading logs and another for generating graphs on CPU and RAM usage. You can also receive notifications when others log into the server.


    5.          Fing
    Fing -- a play on "ping" -- has almost every common network quick test you could want. Features include network discovery capabilities, TCP port scanning, DNS lookup, MAC address and vendor gathering, and the ability to launch third-party apps for a host of protocols, including SSH, Telnet, FTP, and SAMBA.

     
     
     
    6.          JuiceDefender
    If you use your Android device as a mobile lifeline to your organization's systems, you don't want to risk a drained battery. The JuiceDefender Battery Saver from Latedroid is an easy-to-configure app that helps extend the battery life of your Android device by managing the most battery-draining components and apps. Choose a profile (balanced, aggressive, or extreme savings) and let JuiceDefender use the best battery-saving options for your device.

     
     
    7.         PC Monitor
    PC Monitor is a securely encrypted mobile application for monitoring and managing computers, applications, and servers. The feature list is expansive: You can track hardware uptime and dig into metrics like CPU usage, available memory, and system temperature. You also can track service responsive, send commands, start or stop processes, or log off users, as well as too much more to list here. There are optional server modules for Exchange, Active Directory, Hyper-V, VMware, and IIS.
     


     
     
    8.          PocketCloud Remote RDP / VNC
    This application from Wyse lets you access files and run apps via remote Windows and Mac machines and promises speedy performance on Wi-Fi, 3G, and 4G. Beyond providing 24/7 access to important files on your machines, it's handy for giving remote support to end-users. Connection options include RDP, VNC, and Auto-Discovery via Google. The Pro version offers support for multiple PCs, includes 256-bit NLA/TLS encryption, and supports VMware View and Microsoft RD Gateway.

     
     
    9.          Remote DB
    Remote DB serves up access to Microsoft SQL Server, MySQL, PostgreSQL, and Sybase ASE database environments, letting you run queries, view data, make updates and schema changes, and otherwise execute database commands. Among its features, you can create SQL statements using templates and save them for repeated execution.


    10.          SSH Tunnel
    When you don't have an SSL-VPN or IPSec VPN already set up, SSH tunnels will do the job -- and they just work. SSH Tunnel allows you to tunnel just about any app to your destination, such as a Linux machine at the office. You could point your app at 127.0.0.1 port 12000 and pop out from the Linux box to hit your IIS-based WebDAV server at 10.51.0.200 on port 80, for example. Unlocking advanced features requires root access.



     
     
    11.          SysMonitor for SAP
    SysMonitor for SAP lets you monitor important data on your SAP systems from the convenience of your Android device. You can view all users connected to your SAP system and corresponding connection details, such as transaction, terminal, and connection time. You also can check out which jobs are running or in the queue. Finally, you can track what dumps have occurred and when.



    12.          Xtralogic Remote Desktop Client
    A handy tool, Xtralogic Remote Desktop Client uses Microsoft Remote Desktop Protocol to securely connect to any Windows computer, take control of the mouse and keyboard, and see exactly what's happing on the system's screen. It's useful not only for accessing your own files, apps, and email when you're away from your desk, but also for remote desktop support for users. Out of the box, it supports most versions of Windows -- including Windows 8 -- though not the Home editions.


  • Samsung’s iPad mini rival, the Galaxy Note 8.0 tablet, revealed in leaked images

     



    Samsung Galaxy Note 8.0Samsung Galaxy Note 8.0

    While Samsung (005930) has had tremendous success over the past year with its Galaxy brand of smartphones, the company hasn’t been able to generated the same amount of buzz for its Galaxy tablet line just yet. But now SamMobile points us to the first leaked pictures of Samsung’s new Galaxy Note 8.0 that the company hopes will become its flagship tablet in 2013. The pictures, posted on Italian website DDAY, show an 8-inch white tablet that looks like a large Galaxy S III and features thicker side bezels than Apple’s (AAPL) recently released iPad mini. 

    The pictures also show off the new tablet display’s 16:10 aspect ratio with a resolution of 1280 x 800 pixels, which packs more pixels per inch than the iPad mini display and its 1,024 x 768 resolution. We’ll get our first official glimpse of the Galaxy Note 8.0 when Samsung shows it off at Mobile World Congress next month.


  • Every day we read about an incredible number of successful attacks and data breaches that exploited leak of authentication mechanisms practically in every sector. Often also critical control system are exposed on line protected only by a weak password, in many cases the default one of factory settings, wrong behavior related to the human component and absence of input validation makes many applications vulnerable to external attacks.

    Today, we are focusing on the attention of a report published by the consulting firm's Deloitte titled “Technology, Media & Telecommunications Predictions 2013” that provide a series of technology predictions, including the outlook for subscription TV services and enterprise social networks. The document correctly expresses great concern of the improper use of passwords that will continue also in 2013, being the cause of many problems, it must be considered that the value of the information protected by passwords continues to grow, attracting ill-intentioned.


    The report focuses on the need to reconsider password management processes in the light of technological contexts that we will before Duncan Stewart, Director of TMT Research, declared: "Passwords containing at least eight characters, one number, mixed-case letters and non-alphanumeric symbols were once believed to be robust,” “But these can be easily cracked with the emergence of advance hardware and software.”

    “Moving to longer passwords or to truly random passwords is unlikely to work, since people just won't use them,” Stewart said.

    “An eight character password chosen from all 94 characters available on a standard keyboard33 is one of 6.1 quadrillion34 (6,095,689,385,410,816) possible combinations. It would take about a year for a relatively fast 2011 desktop computer to try every variation. Even gaining access to a credit card would not be worth the computing time. However, a number of factors, related to human behavior and changes in technology, have combined to render the ‘strong’ password vulnerable.”

    Using a brute force attack for an 8-character password with a dedicated password-cracking machine employing readily available visualization software and high-powered graphics processing units is possible to discover the password in only 5.5 hours. The cost of such machine is about $30,000 today but as explained in the reports hackers could obtained same computational capabilities from huge botnet.

    Not only password length concerns the researchers, also the human factor could expose password management process to serious risks, for example humans never remember long and complex credentials, they tend to adopt password easy to remember and related to their life experience, in many cases the password is re-used and in the time across different services, from movie on line store to banking account. The average user has 26 password-protected accounts, but only five different passwords across those accounts. According a recent study of six million actual user generated passwords, the 10,000 most common passwords would have accessed 98.1 percent of all accounts, an information that gives us an idea of how much vulnerable the password management process.

    “Once a hacker has a password, he or she can potentially have the keys to the cyber kingdom based on most consumers’ behavior.”

    Deloitte Deloitte predicts that in 2013, more than 90% of user generated passwords, even those considered strong by IT departments will be vulnerable to hacking with serious consequences, the company predicts in fact billions of dollars of losses, declining confidence in Internet transactions and significant damage to the company reputations for the victims of attacks.

    The reports states:
    “How do passwords get hacked? The problem is not that a hacker discovers a username, goes to a login page and attempts to guess the password. That wouldn’t work: most web sites freeze an account after a limited number of unsuccessful attempts, not nearly enough to guess even the weakest password. Most organizations keep usernames and passwords in a master file. That file is hashed: a piece of software encrypts both the username and password together. Nobody in the organization can see a password in its unencrypted form. When there is an attempt to log in, the web site hashes the login attempt in real time and determines if the hashed result matches the one stored in the database for that username. So far, so secure. However, master files are often stolen or leaked. A hashed file is not immediately useful to a hacker, but various kinds of software and hardware, discussed in this Prediction, can decrypt the master file and at least some of the usernames and passwords. Decrypted files are then sold, shared or exploited by hackers.”

    As described, another problem is related to use of passwords on various platforms, let’s consider that the average user takes 4-5 seconds to type a strong ten character password on a PC keyboard, time increases to 7-10 seconds on a mobile devices with a keyboard and to 7-30 seconds on touchscreen devices. As consequence, a quarter of the people surveyed admitted to using less secure passwords on mobile devices to save time.

    SplashData, which develops password management applications, reveals its Annual “25 Worst Passwords of the Year” enumerating the list of most common password chosen by users.

    The three worst passwords haven’t changed respect previous year, they’re “password”, “123456” and “12345678” and new passwords have been introduced in the top list such as “welcome”, “jesus” and “ninja”.
    password hacking

    Following the top ten list:

        password (unchanged)
        123456 (unchanged)
        12345678 (unchanged)
        abc123 (up 1)
        qwerty (down 1)
        monkey (unchanged)
        letmein (up 1)
        dragon (up 2)
        111111 (up 3)
        baseball (up 1)

    Have you ever used one of the most popular passwords of 2012 for your own personal accounts? Change it!

    What could improve password management? SSO systems represent a good solution to do it, for example allowing in the simplest way the use of long or random passwords respecting the elementary best practices for password management. Also, this system must be protected from hacking attacks.

    The implementation of multifactor authentication processes token based (both software and hardware) represents the best compromise between costs and security, that is also the way that security IT security travels in the future.

  • target-java The year is start way for Oracle Java platform, a new Java 0-day vulnerability has been discovered and worldwide security community is very concerned on the potential effect of the bug. We have discovered how much dangerous could be the exploit of a zero-day vulnerability especially against institutional targets and governments (e.g. Elderwood project), state-sponsored hackers could use it for dangerous cyber incursions.
    The vulnerability allows an hacker to take control of victim’s machines, Java 7 Update 10 and earlier version contain a vulnerability that can allow a remote attacker to execute arbitrary code on user’s pc, The “Malware Don’t Need Coffee” blog posted an interesting article titled “0 day 1.7u10 (CVE-2013-0422) spotted in the Wild – Disable Java Plugin NOW !”. The title gives an idea of the high impact of the news and of course the risky consequences for millions of users unaware of the problem.
    The news has been also confirmed by security expert at AllienVault Labs that posted on their web site the following declaration:
    “The Java file is highly obfuscated but based on the quick analysis we did the exploit is probably bypassing certain security checks  tricking the permissions of certain Java classes as we saw in CVE-2012-4681 . Right now the only way to protect your machine against this exploit is disabling the Java browser plugin.”
    Unfortunately in the underground are already available exploits that exploit the vulnerability, the popular exploits packs the BlackHole Exploit Kit and the Nuclear Pack Kit already include the needed code. Easy to predict that soon it will be available a specific module for  Metasploit framework to exploit the vulnerability. ‘Paunch,’, the creator of Blackhole, announced that the Java zero-day was a ‘New Year’s Gift,’ to its client that acquire exploit kit.


    Nuclear Pack exploit
    The hackers news magazine reports:
    “This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits.” This exploit is already available in two Exploit Packs, that is available for $700 a quarter or $1,500 for a year. Similar tactics were used in CVE-2012-4681, which was discovered last August. Source of this new Exploit available to download Here.”
    How the exploit works?

    Blackhole kit is installed on a compromised websites and exploits vulnerabilities of user’s browsers to inject malicious code into victim’s machine when he visits the site.

    Just yesterday The U.S. Department of Homeland Security invited to users to disable Oracle Java software due the possible effects of the exploit of the vulnerability still unfixed.
    “We are currently unaware of a practical solution to this problem,” the Department of Homeland Security’s Computer Emergency Readiness Team announced in a post on its website published this week.
    “This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered,” “To defend against this and future Java vulnerabilities, disable Java in Web browsers.”
    Let’s see how long does it take for Oracle to release a patch!

    UPDATE

    Oracle says it has repaired a security flaw in its Java software that inspired a rare call from the Department of Homeland Security, advising consumers to disable the software entirely.

    On Sunday afternoon, Oracle released a patch for the critical vulnerability, which could be exploited to install and execute malicious code on unguarded systems. And not a moment too soon. By the end of last week, security researchers had already spotted malware designed to exploit it in the wild. Some theorized the flaw potentially put more than 850 million PCs at risk.



  • A global survey of the business benefits of 4G LTE has revealed improvements to mobile working and increased innovation as advantages of the superfast broadband network standard.

    The 4G Long Term Evolution (LTE) standard for the wireless communication of high-speed data is already used by businesses in countries such as US and Germany.

    Mobile telecoms provider EE has now launched 4G LTE services in 11 UK cities, while in Nigeria, Airtel and Globacom are running their 4G LTE trials.

    EE has made 4G available in Bristol, Birmingham, Cardiff, Edinburgh, Glasgow, Leeds, Liverpool, London, Manchester, Sheffield and Southampton. Other cities will be added before the end of the year.

    In conjunction with the launch, EE released the findings of a survey of the business benefits of 4G LTE.
    EE's findings reveal three-quarters of US businesses are increasing innovation through 4G LTE and 86% of US firms believe more work is done by employees on the move. Similar benefits were found in Germany, Sweden and Japan.

    The study, carried out by consulting firm Arthur D. Little, is based on 14 in-depth interviews with 4G LTE-enabled businesses worldwide and responses from over 1,200 business decision makers.

     

    Innovation through 4G LTE

    Other findings from EE's 4G LTE survey

    • A firm combined 4G with head-mounted cameras allowing fieldworkers to stream video to experts back at base;
    • Another business installed CCTV cameras in record time by using 4G, instead of digging up the road to install a fixed line connection, saving time and money;
    • US haulage company said trucks literally became offices through 4G as employees no longer needed to return to base;
    • A law firm said that if staff forget a crucial file or need it unexpectedly, they can access it instantly from court, rather than race 10 miles back to the office;
    • 4G has helped US organisations to slash print costs as documents can be easily transferred between devices instead of being printed; 
    • A US-based construction company uses 4G to send vast quantities of critical data in the field back to base in real-time.

    Businesses using 4G LTE can introduce products and services more quickly than rivals who do not use the technology.

    The report gives two examples. A German car manufacturer is creating 4G-enabled cars when it releases the LTE Car Hotspot, a USB adaptor giving passengers access to superfast internet.

    A US construction company uses 4G to send vast quantities of critical data in the field back to base in real-time. It has used one application over 4G to reduce project completion times by as much as 30% and saves $1,000 a day.

     

    4G LTE increases mobile productivity

    Mobile employees can browse the internet faster than before, access files in the cloud more quickly and communicate with colleagues and customers using high-quality video conference calls on the move. The report found 40% of businesses said sales teams can complete deals in the field.

    A hospital in Germany is piloting 4G communications as a way to increase stroke survival rates. High data transfer speeds of 4G are essential for medical images to be sent from ambulances at the scene to the hospital.

     

    Cutting costs with 4G LTE network communications

    Almost half (47%) of businesses said 4G had saved their company money. The report revealed a small business in Los Angeles saved £62,000. This was achieved by introducing 4G devices and hot-desking, which led to reduced office space required; less employee time wasted; and lower print costs, with documents easily transferred between devices.

    The survey revealed that 74% of UK businesses are planning to use 4G.

    Joseph Place at Arthur D. Little said businesses are using 4G LTE to bring a more fundamental level of mobility to their organisations. “For example, 4G can be used to set up a fully connected office almost anywhere, dramatically increasing agility and responsiveness. We also expect to see innovative 4G-specific products emerging, for instance in the mHealth arena. We’re positive that Nigerian businesses and other countries will begin to see such benefits as they roll out 4G in 2013 and beyond.”


  • Since the release of windows 8, a lot of story has been going around about the good and bad of the new Microsoft OS.

    Many have wanted to try their hands on it, but couldn't afford to buy the new hardware systems preinstalled with the latest windows 8.

    So, in this article, I’ll be showing you how to prepare and configure your Windows 7 system to dual-boot Windows 8 from a DVD. While I’ll be using the Windows 8 Release Preview for this article, the procedure is very similar with the actual release version.

     

    Prerequisite


    For this article, I’m going to assume that you have already visited the Windows 8 Release Preview site and followed Microsoft’s instructions for downloading and converting the ISO file to a DVD in Windows 7. If you haven’t, you should do so before you get started with this article. The process is pretty straightforward and Microsoft has documented the steps you need to follow.

     

    Creating a System Image


    The first thing that you’ll want to do is create a System Image from within Windows 7’s Backup and Restore. When you do, you’ll end up with a complete image of your hard disk. That way, if anything out of the ordinary were to occur as you follow the steps for creating a dual-boot system, you will be able to return to your current configuration. Furthermore, I recommend that you also create a separate backup of your data. Maybe just make copies of all your data files on CD/DVD or on an external hard disk. While it may sound like overkill, having an extra backup will give you peace of mind.

    To create a system image, you’ll need to have a CD-RW/DVD-RW drive, an external hard disk, or access to a network drive. To access Backup and Restore, click the Start button, type Backup in the Search box, and press [Enter] when Backup and Restore appears in the result pane.
    Once you have Backup and Restore up, select the Create a System Image option and choose your backup location. As you can see in Figure A, I used a DVD-RW drive on my system.

     

    Figure A

    On my test system, I’ll use DVDs to create my system image.


    As you can see in Figure B, on my test system all the partitions on the drive are selected by default. To initiate the operation, just click Start backup. On my test system with a 500GB hard disk, it took over an hour and required eight DVDs.


    Figure B

    Creating a System Image on DVDs takes a little while.


    When the System Image is complete, you’ll be prompted to create a System Repair disc, as shown in Figure C. This is the disc that you will use to boot your system and restore your system image in the event that you need it.


    Figure C

    When the System Image is complete, you’ll be prompted to create a System Repair disc.

     

     Setting up a partition

    With your System Image discs safely tucked away, you’ll use the Disk Management tool to make room on your hard disk for Windows 8. To launch Disk Management, click the Start button, type Disk Management in the Search box, and press [Enter] when Create and format hard disk partitions appears in the result pane. When Disk Management launches, locate the operating system partition of the drive, right click, and select the Shrink Volume command. As you can see in Figure D, on my example system, there is a 100MB system partition and a 17GB HP Recovery partition in addition to the 450GB OS, or operating system, partition.

    Figure D

    Right click on the operating system partition of the drive and select the Shrink Volume command.

    For my Windows 8 partition, I set aside 50GB by entering 51200 as the amount of space to shrink the existing volume, as shown in Figure E. Once you’ve specified the size, click the Shrink button. It will take a several minutes to shrink the partition. When the operation is complete, you’ll see the new space at the end of the partition and notice that it is marked as Unallocated. In order to install Windows 8 without any problems, you should covert this unallocated space into a volume with a drive letter. To do so you’ll launch the New Simple Volume Wizard.

     

    Figure E

    To set up a 50GB partition, I entered 51200 as the amount of space to shrink the existing volume.
    To continue, right click the new partition and select the New Simple Volume command, as shown in Figure F. When you do, the New Simple Volume Wizard will launch.


    Figure F

    To launch the wizard, right click the new partition and select the New Simple Volume command.
     
    The New Simple Volume Wizard consists of five screens - the first and the fifth are shown in Figure G. As you progress through the wizard, you’ll be prompted to specify the size, assign a drive letter, choose a file system, enter a name for the volume, and choose how to format the drive. For everything but the volume name, you should just go with the defaults. As you can see, I specifically named the volume Windows 8 to prevent any ambiguity in later steps. Since the partition was created from your existing partition, you can just go with the Quick format option.

    Figure G

    The New Simple Volume Wizard consists of five screens.
    When you’re finished, you’ll see the new partition in Disk Manager. Figure H shows the new 50GB partition with the volume name, assigned to drive F, and marked as a Logical Drive.

     

    Figure H

    The 50 GB partition is now ready for the Windows 8 installation.

     

    Installing Windows 8

    Now that you have your partition established and assigned a drive letter, installing Windows 8 in a dual-boot configuration should be a pretty straightforward operation. Let’s take a closer look.
    To begin, insert the Windows 8 Release Preview DVD and reboot your system. After a few minutes, you’ll see the Windows Setup screen shown in Figure I and you will specify your language settings before clicking Next.

    Figure I

    The first step in the installation is to specify your language settings.
    Once the initial steps are taken care of, you’ll see the Windows Setup screen shown in Figure J and will click the Install Now button.

     

    Figure J

    To get started, just click the Install Now button.
    You’ll then see a Windows Setup screen shown in Figure K and will need to make sure that you select the Custom option.

     

    Figure K

    Make sure that you select the Custom Install Windows only option.

    At this point, Windows Setup will prompt you to choose the location to which you want to install Windows 8. As you can see in Figure L, on my test system it is showing all available partitions and I have selected the new volume labeled Windows 8 and assigned drive letter F.

     

    Figure L

    On my test system, I have selected the new volume labeled Windows 8 and assigned drive letter F.
    After selecting the new partition on which to install Windows 8 and clicking Next, the installation will begin, as shown in Figure M. This part of the operation will take a while so go get yourself a cup of coffee.

     

    Figure M

    As soon as you click Next, Windows Setup will begin copying files to the new partition.

     

    Dual-booting Windows 7/Windows 8

    When the installation is complete, Windows Setup will reboot your system one final time and you will then see the new Windows 8 style dual boot screen shown in Figure N. As you can see, Windows 8 will automatically launch in 30 seconds if you don’t choose Windows 7.

     

    Figure N

    The new Windows 8 style boot screen display for 30 seconds before launching Windows 8.
    If you want to alter the amount of time before Windows 8 will run, you can click the Change defaults or choose other options at the bottom of the screen. There are actually a multitude of options that you can change and I’ll cover all of them in a future article.

     

    What’s your take?

    Will you configure a Windows 7/Windows 8 dual boot system?
Subscribe to: Posts (Atom)