Blog

post subject: posted on:2010-10-09 00:00:00

post subject: posted on:2008-09-10 00:00:00

Pacemakers Vulnerable To Hacking

Implantable medical devices like pacemakers seem secure, buried within one's body. But a team of researchers have demonstrated that's not the case. In a newly published academic paper, computer scientists from the Beth Israel Deaconess Medical Center, Harvard Medical School, the University of Massachusetts Amherst, and the University of Washington have shown that a combination pacemaker and defibrillator with wireless capabilities, the Medtronic Maximo DR, can be hacked. "Our investigation shows that an implantable cardioverter defibrillator (1) is potentially susceptible to malicious attacks that violate the privacy of patient information and medical telemetry, and (2) may experience malicious alteration to the integrity of information or state, including patient data and therapy settings for when and how shocks are administered," the paper states. Such a shock could induce ventricular fibrillation, which is potentially lethal. Read More

post subject:tech posted on:2008-03-13 00:00:00

Japan Investigates Sparking Apple iPod

Japanese government officials are investigating a possible defect that caused an Apple iPod to shoot out sparks while it was being recharged, it was reported Wednesday. An official with the country's trade and economy ministry told the Associated Press that the incident, which occurred in January in Kanagawa Prefecture southwest of Tokyo, is believed to stem from a flaw in the iPod Nano's lithium-ion battery. Apple reported the problem to the ministry in March. No one was injured by the sparks, which the ministry is categorizing as a fire. Apple has been ordered to find out the cause and then report back to the government. Apple was not immediately available for comment on Wednesday. The defective iPod's model number was MA099J/A, the AP reported. Read More

post subject:news posted on:2008-03-13 00:00:00

Microsoft Strengthens Virtualization Portfolio With Kidaro Acquisition

In a move to strengthen its virtualization portfolio, Microsoft said today that it intends to buy four-year-old Israeli virtualization company Kidaro for an undisclosed sum. Though Microsoft already has a product, Virtual PC, for desktop virtualization, it is unmanaged. That makes it a hard sell to big businesses. Kidaro acts as a management infrastructure for Virtual PC, including a small client-based add-on that allows Virtual PCs to be managed. "This fills a couple gaps with us," Gavriella Schuster, senior director for Microsoft's Windows product group, said in an interview. Microsoft will add Kidaro's desktop virtualization capabilities into Microsoft Desktop Optimization Pack (MDOP), a set of desktop management tools for businesses. The Kidaro technology would allow administrators to manage deployment, operation, and security of virtual desktops. Read More

post subject:news posted on:2008-03-13 00:00:00

Cisco, Adobe Issue Security Bulletins

Adobe and Cisco both released security advisories on Wednesday to address vulnerabilities in their products. Cisco released cisco-sa-20080312-ucp, which addresses multiple vulnerabilities in Cisco's Secure Access Control Server for Windows User-Changeable Password (UCP) program. "The first set of vulnerabilities address several buffer overflow conditions in the UCP application that could result in remote execution of arbitrary code on the host system where UCP is installed," Cisco says in its advisory. "The second set of vulnerabilities address cross-site scripting in the UCP application pages. Both sets of vulnerabilities could be remotely exploited, and do not require valid user credentials." Cisco has released an updated version of the UCP application to deal with these issues; the company says there's no known workaround to mitigate the vulnerabilities. Adobe meanwhile released six security bulletins that detail multiple vulnerabilities in Adobe Reader 8.1.2 for Unix, ColdFusion MX 7 and ColdFusion 8, Adobe Form Designer 5.0 and Adobe Form Client 5.0 Components, and LiveCycle Workflow 6.2. Read More

post subject:news posted on:2008-03-13 00:00:00

Microsoft Launches MIX08 With Plea To Developers

Microsoft asked software developers to "bet on us" as it began making test versions available of Internet Explorer 8, an upgraded version of the main software used to browse the Web. At Microsoft's MIX08 conference Wednesday, the company's chief software architect, Ray Ozzie, said the Web was at the center of everything Microsoft was doing as it seeks to expand beyond the desktop business it dominates. "I know today that you have many amazing technology choices available to you, but I'd like you to bet on us," Ozzie told an audience of Web developers. Microsoft has been pushing for a "software plus services" strategy that uses the Internet to augment traditional software that runs on a computer's hard drive. Ozzie also extended an olive branch to Yahoo, the Web pioneer that Microsoft is targeting in a unsolicited takeover offer, saying Yahoo has "creative people and interesting online properties." Read More

post subject:news posted on:2008-03-06 00:00:00

Cisco To Include Windows Server With Networking Equipment

Cisco Systems is becoming a Windows Server reseller, marking the first time the networking company is including a usable version of Microsoft's operating system in its equipment, Microsoft and Cisco announced Tuesday. Six months ago, Microsoft CEO Steve Ballmer and Cisco CEO John Chambers held a joint press conference to showcase their growing relationship with a few demos of Cisco-Microsoft interoperability. Now, they've taken that relationship to the next level with a joint branch office product. Later this year, Cisco will begin including a bare-bones installation of Windows Server 2008 in its Wide Area Application Services appliances, which do WAN optimization and application acceleration. The initial appliances will add local print, directory, and domain services to Cisco's own capabilities via Server Core, a new trimmed down command-line Windows Server installation option. Though Cisco includes elements of embedded versions of Windows in other products, this represents the first time companies will get explicit Windows services as a feature of a Cisco appliance. Potentially, this is an indication that Server Core represents an opportunity for Windows Server to show up in other places where it wouldn't have before. The new product, which doesn't yet have a name or price, aims to simplify the challenging task of managing branch IT infrastructure in remote offices, where IT staff is often shorthanded despite a growing number of devices and technologies. Read More

post subject:news posted on:2008-02-27 00:00:00

Google Buys Into Undersea Cable

Having outgrown the capacity of telecom companies to provide bandwidth for its online applications and services, Google is buying part of an undersea cable to carry data to and from Asia. On Tuesday, Google said it would join with five other telecom companies -- Bharti Airtel, Global Transit, KDDI, Pacnet, and SingTel -- to invest $300 million in the construction of a 10,000 km submarine cable. The high-speed fiber optic trans-Pacific cable, called Unity, will have a capacity of up to 7.68 Tbps and will run between the United States and Japan, about 6,200 miles. It is planned to accommodate demand for trans-Pacific bandwidth, which has grown at a rate of 63.7% annually between 2002 and 2007 and is expected to double biannually from 2008 through 2013, according to TeleGeography, a telecommunications consultancy. When construction of Unity is complete in 2010, Google projects a 20% increase in the amount of available trans-Pacific bandwidth. NEC and Tyco Telecommunications will be handling the construction. Read More

post subject:news posted on:2008-02-27 00:00:00

Researchers Transmit Optical Data At 16.4 Tbps

The goal of 100 Gbps Ethernet transmission is closer to reality with the announcement Wednesday that Alcatel Lucent researchers have recorded an optical transmission record along with three photonic integrated circuits. In papers presented at the Optical Fiber Communication Conference and Exposition/National Fiber Optic Engineers Conference (OFC/NFOEC), Alcatel-Lucent researchers disclosed research that they believe will likely pave the way to successful implementation of the very high speed transmissions. "Several new technologies were used," the firm said in a statement, "including a highly linear, balanced optoelectronic photoreceiver and an ultra-compact, temperature-insensitive coherent mixer." Carried out by researchers in Bell Labs in Villarceaux, France, the successful transmission of 16.4 Tbps of optical data over 2,550 km was assisted by Alcatel's Thales' III-V Lab and Kylia, an optical solution company. The researchers utilized 164 wavelength-division multiplexed channels modulated at 100-Gbps in the effort. Read More

post subject:tech posted on:2008-02-27 00:00:00

For Sale: Passwords To Fortune 500's Servers

More than 8,700 FTP login names and passwords, some of which grant access to Fortune 500 servers, are being sold online through a sort of eBay for stolen data, a security company revealed this week. Prices vary in relation to the Google PageRank of the compromised sites. The customers are cybercriminals who seek access to trusted sites in order to launch malware or hide files. Finjan, a computer security company based in Israel, made the discovery and elaborates on its findings in its February Malicious Page of the Month report. Finjan CTO Yuval Ben-Itzhak describes the online crime database application the company found as "the holy grail of hackers." It contains the "hacked FTP credentials of very large companies, some of them in the Fortune 500." More than 100 stolen login names are associated with one of the 500 most visited Web sites on the Internet, as measured by Alexa.com. Read More

post subject:news posted on:2008-02-27 00:00:00

CIOs Uncensored: Security Smarts

"Thank goodness it wasn't us!" We can't help it. Every time another nasty cybersecurity failure makes headlines, our eyes roll heavenward and we breathe a sigh of relief. Yet, while we have great empathy for the CIO at the enterprise that just got nailed, we know there's a bullet somewhere with our name on it. Not just one bullet--millions of them. At Pacific Northwest National Laboratory, we deflect more than 3 million attacks on our Internet firewall every day--10% of the connection requests. During the same time, our e-mail system rejects more than 1.2 million messages from disreputable sources or because they're detected as spam. That's nearly 97% of the e-mail being sent via the Internet to the laboratory. And it's getting worse daily. PNNL is a U. S. Department of Energy Office of Science national laboratory that's working to solve complex problems in energy, the environment, and national security. Our 4,000 staffers conduct fundamental research in the chemical, biological, materials, environmental, and computational sciences, and translate new discoveries into practical solutions to some of the most vital challenges facing our nation. Read More

post subject:news posted on:2008-02-25 00:00:00

Google-Powered Hacking Makes Search A Threat

Over the past few years, cybersecurity professionals have watched as the cinematic cliche of police with pistols being outgunned by thieves with automatic weapons has become applicable to their industry. Increasingly, they find themselves defending against automated attacks that can easily overwhelm the technologically underequipped. Wednesday saw the debut of the latest such tool, which derives its power from Google (NSDQ: GOOG)'s vast index. That's when the Cult of the Dead Cow, the self-proclaimed "world's most attractive hacker group," released a Web auditing tool called Goolag Scanner. "It's no big secret that the Web is the platform," said cDc official Oxblood Ruffin, in a statement. "And this platform pretty much sucks from a security perspective. Goolag Scanner provides one more tool for Web site owners to patch up their online properties. We've seen some pretty scary holes through random tests with the scanner in North America, Europe, and the Middle East. Read More

post subject:news posted on:2008-02-25 00:00:00

Microsoft Launches SkyDrive Online Storage Service

Microsoft on Friday quietly took the wraps off a free online storage service that it says is the final piece of its Windows Live Internet services portfolio. Windows Live SkyDrive offers users up to 5 GB of free storage in password-protected servers. Users can also create folders accessible to friends, colleagues, or the general public. They can access their folders from any computer connected to the Internet by signing on to their Windows Live account. SkyDrive had been undergoing testing for the past several months, Microsoft said. Windows Live now offers a range of online services in addition to SkyDrive, including tools for e-mail, blogging, instant messaging, and social networking. The effort is part of Microsoft's attempt to keep pace with Google and acquisition target Yahoo in the growing Web services market. Read More

post subject:tech posted on:2008-02-25 00:00:00

Microsoft Pledges Broad Support For Interoperability, Open Standards

Microsoft on Thursday outlined a sweeping series of changes to the way it develops and licenses software as part of what the company said is an effort to bridge the gap between its commercial products and those built by open source developers and other third parties. The company said it is adopting four new "interoperability principles" to guide its revised business practices. First, Microsoft will work to ensure its products feature "open connections" that will allow outside developers to more easily write programs that interact with its own. To that end, Microsoft will publish on its Web site more than 30,000 pages of documentation for Windows client and server protocols previously available only through a trade secrets license. For patented protocols, Microsoft said it would offer licenses on "reasonable and non-discriminatory terms." Open source developers can access the protocols for free for non-commercial use without fear of lawsuits, Microsoft said. Read More

post subject:news posted on:2008-02-21 00:00:00

Black Hat Researcher Hacks Credit Cards

WASHINGTON -- BLACK HAT DC 2008 -- Ever wonder what’s on that magnetic strip on your credit card? Researcher Adam Laurie did, and here today at Black Hat DC he demonstrated and released a tool he developed for hacking credit-card mag strips as well as RFID chips implanted in some cards. Laurie, best known for his Rfidiot set of tools for hacking all things RFID (building passes, animal ID tags, passports, etc.), showed how his new Chapy tool could find account identification data stored on a credit card. Chapy is a Python-based script Laurie wrote that works with a card reader to scan and clone the data stored on the credit card. Read More

post subject:tech posted on:2008-02-20 00:00:00

Black Hat Conference: Experts Develop Cybersecurity Recommendations For Next President

A group of 40 former and current government cybersecurity experts has convened to put together a series of cybersecurity recommendations for the next U.S. president, members of the think-tank-sponsored Cyber Commission for the 44th President said Wednesday at the Black Hat security conference in Washington, D.C. "This is no longer a boutique issue," said James Lewis, director of the technology and public policy program for the Center for Strategic and International Studies. "It has to be a part of the thinking about national security from this point on. This is one of the central issues for national security and we want to make sure it doesn't go away." Read More

post subject:news posted on:2008-02-20 00:00:00

Intel Unveils Dual Quad-Core 'Skulltrail' Platform

Intel has introduced a dual-socket motherboard for PC makers that want to offer gamers and graphics professionals a high-powered machine that leverages two quad-core processors and multiple graphics cards. Formerly code-named Skulltrail, the Dual Socket Extreme Desktop Platform was introduced Tuesday at the Game Developers Conference in San Francisco. The platform comprises the Desktop Board D5400XS and two Core 2 Extreme QX9775 processors and can support Crossfire or SLI graphics cards from ATI or Nvidia, respectively. ATI is owned by Intel rival Advanced Micro Devices. Read More