Wednesday, December 03, 2014

G-Data Reins In Regin: Top-tier Espionage Tool.

Regin is a full cyber espionage platform capable of complete remote control and monitoring on all possible levels. Attribution is difficult in cases like this; however, considering the complexity of development, G-Data suspects that this operation is supported by a nation-state, but not one originating from Russia or China.

Kaspersky Lab has done some research on Regin as well:

Perhaps one of the most publicly known victims of Regin is Jean Jacques Quisquater (https://en.wikipedia.org/wiki/Jean-Jacques_Quisquater), a well-known Belgian cryptographer. In February 2014, Quisquater announced he was the victim of a sophisticated cyber intrusion incident. We were able to obtain samples from the Quisquater case and confirm they belong to the Regin platform.

G-Data has created a tool to detect the trojan:

We identified the use of an encrypted virtual file system. In the version mentioned above, the file system is a fake .evt file in %System%\config. The header of the virtual file system is always the same:
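#include <stdint.h>

/* Header at the start of the encrypted virtual file system */
typedef struct _HEADER {
  uint16_t SectorSize;
  uint16_t MaxSectorCount;
  uint16_t MaxFileCount;
  uint8_t FileTagLength;
  uint16_t crc32custom;   /* custom checksum; declared 16-bit as published */
} HEADER;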
During our analysis, the checksum was a CRC32. A generic approach to detect the infection could be a detection of the existence of a virtual file system on the infected system by checking the custom CRC32 value at the beginning of the file system.
 Get the tool from G-Data
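
The detection idea quoted above, sketched as an added example (not G-Data's tool and not code from the original post). It assumes the struct is stored packed and little-endian and that the checksum covers the four fields before it; the page does not give the custom CRC's parameters, so `stand_in_checksum` is a placeholder, and all sample bytes are constructed.

```python
import struct
import zlib
from typing import Callable, NamedTuple, Optional

# Assumption: the page's struct is stored packed and little-endian (9 bytes).
HEADER_FMT = "<HHHBH"
HEADER_LEN = struct.calcsize(HEADER_FMT)


class VfsHeader(NamedTuple):
    sector_size: int
    max_sector_count: int
    max_file_count: int
    file_tag_length: int
    crc32custom: int


def stand_in_checksum(covered: bytes) -> int:
    """Placeholder only: standard CRC-32 cut to the 16-bit field width."""
    return zlib.crc32(covered) & 0xFFFF


def parse_header(blob: bytes) -> Optional[VfsHeader]:
    """Decode the first 9 bytes, or return None if the file is too short."""
    if len(blob) < HEADER_LEN:
        return None
    return VfsHeader(*struct.unpack_from(HEADER_FMT, blob))


def looks_like_vfs(blob: bytes,
                   checksum: Callable[[bytes], int] = stand_in_checksum) -> bool:
    """True when the header is plausible and its stored checksum matches."""
    hdr = parse_header(blob)
    if hdr is None:
        return False
    # Added heuristic: a usable file system cannot have zero-sized geometry.
    if 0 in (hdr.sector_size, hdr.max_sector_count,
             hdr.max_file_count, hdr.file_tag_length):
        return False
    # Assumption: the checksum covers the four fields that precede it.
    return checksum(blob[:HEADER_LEN - 2]) == hdr.crc32custom


def build_sample() -> bytes:
    """Constructed header (not real sample data) followed by padding."""
    fields = struct.pack("<HHHB", 512, 1024, 64, 16)
    return fields + struct.pack("<H", stand_in_checksum(fields)) + b"\x00" * 32


# Constructed start of a genuine legacy event log: header size 0x30, "LfLe".
GENUINE_EVT = b"\x30\x00\x00\x00LfLe\x01\x00\x00\x00\x01\x00\x00\x00"
```

To use it against real files, pass the actual checksum routine as the `checksum` argument and feed it the first bytes of each .evt file under %System%\config.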

Tuesday, December 02, 2014

FBI Warns Business Of 'Destructive' Malware Attacks In The Wake Of Sony Hack.

According to Reuters, the FBI has warned businesses in the USA, via a confidential report, about new malicious software that can be used to launch "destructive" cyber attacks, and says that U.S. businesses should remain vigilant. Last week Sony Pictures was hacked, and investigators are still at work.
The five-page FBI report does not directly connect to the Sony incident, but it describes the malware used in the attack. It advises businesses on how to react to the malware and asks them to report any suspected malware to the FBI.
The malware overwrites all data on the hard drives of computers, including the master boot record, which prevents them from booting up. The hard drives will need to be replaced or reimaged after such attacks, which is very time consuming.
Reuters

Tuesday, November 25, 2014

EFF Files Amicus Brief Asking To Invalidate DietGoal's "Picture Menu" Patent.

EFF filed an amicus brief yesterday asking the Federal Circuit to invalidate U.S. Patent No. 6,585,516 because it improperly claims ineligible abstract ideas. The EFF brief argues that the patent on using picture menus stored in a database to create meals should never have been granted in the first place. But more importantly, EFF argues that the Federal Circuit should confirm that quick, early decisions as to patent eligibility are vital to clearing our system of bad patents.

In typical troll fashion, DietGoal has sued over 70 different companies since 2011, including restaurant chains such as Pita Pit, Taco John’s, and Panda Express. Usually trolls go after people who are too small, or have too little knowledge of patent law, to fight back.
But they met their match when they sued Bravo Media, for offering the public recipes (and presumably pictures) from its “Top Chef” show. Unlike other defendants faced with the troll's lawsuit and settling, Bravo filed, and won, a motion for “summary judgment” (a court procedure that can end the case before it goes to a jury). The court found the patent invalid because it claimed matter that is ineligible for patent protection.
DietGoal appealed that decision, wasting valuable time of the courts and people to keep their scheme afloat.
The brief was filed on behalf of a diverse group of non-profits and industry associations: Application Developers Alliance, the Computer and Communications Industry Association, EFF, Engine Advocacy, the National Restaurant Association, and Public Knowledge.
Read more at  EFF, "EFF to Court: Don’t Waste Time, A “Picture Menu” is Not Patentable"

Friday, November 21, 2014

FTC Denies AgeCheq's COPPA Rule Verifiable Parental Consent Method.

After conducting a public comment period and review of AgeCheq, Inc.’s application for a Children’s Online Privacy Protection (COPPA) Rule verifiable parental consent method, the FTC has decided to deny the company’s application.
Under the COPPA Rule, online sites and services directed at children under 13, and general audience sites or services that knowingly collect, use, or disclose personal information from children under 13, must obtain permission from a child’s parents before collecting personal information from that child. The rule lays out a number of acceptable methods for gaining parental consent, but also includes a provision allowing interested parties to submit new verifiable parental consent methods to the Commission for approval. Approved methods may be used by any company, not just the particular applicant requesting approval of the method.
FTC

Wednesday, November 19, 2014

Flip A Coin With Google App, OK Google!

Among many other things that you can do with the Android devices and Android Lollipop, you can also flip a coin.

Can't decide between the 49ers and the Warriors (it is Warriors, for me)? Just say "OK Google, Flip A Coin".

Google App, Gets Material Design - OK Google! | VOIP IP Telephony

Music Manager Asks YouTube To Pull 20,000 Music Videos.

Man, after Taylor Swift, everyone wants a piece of every music. A long-time music royalty manager, of Global Music Rights, which holds a catalog that includes songs written by John Lennon, the Eagles, Pharrell Williams, Ira Gershwin and Smokey Robinson, has asked YouTube to pull as many as 20,000 songs.
GMR has said that YouTube's Music Key does not cover its clients and, furthermore, that it will go after other music services like Pandora and SoundCloud for the same end, to increase the haul.
WSJ

Tuesday, November 18, 2014

USA Freedom Act Fails In The Senate.

Even as we all watched with fingers-crossed anticipation, the USA Freedom Act, or NSA reform, failed to gain the 60 votes it needed to succeed. It was 58 to 42.
Given the current situation in the Senate, I guess we will have to hope, with uncrossed fingers, for the next few years.
But in the meanwhile, hone your encryption capabilities, encrypt email, and don't call anyone :) for the next few years. You will be fine, as any of those senators who voted against would say.

FORM SF 2014 : Design

google.com/design/form

LetsEncrypt Will Offer Free Encryption Server Certificates, With EFF Support.



I pay a lot for my server certificates elsewhere, but that is because it is enforced to do so. If we had free certificates like LetsEncrypt 5 years ago, the World Wide Web would be a much better place. But it is never too late.

EFF, LetsEncrypt To Offer Free Encryption Server Certificates. 

Monday, November 17, 2014

Ultramercial’s Infamous Patent On Advertising On the Internet Invalidated

In 2009, patent troll Ultramercial was using the absurd U.S. Patent 7,346,545 to sue internet companies for showing advertisements before the actual content. In the ensuing years, abstract software patents were challenged in various courts, and former Chief Judge Randall Rader twice found the patent valid. Yes, some people take long to learn. It must be pretty easy to pass the bar.
But the Supreme Court was different: it vacated both of these rulings and sent the case back for reconsideration.
Proving common sense is still present, today, on its third try, the Federal Circuit finally held the patent invalid.
Please read the complete article on FSF, who wrote 4 amicus briefs for the court on the case. 

Chromebook And Google Apps For Education Get Approval For NYC Schools

With Google leading the pack in terms of tablets and notebooks sold to K-12 education providers, both domestically and in some countries like Malaysia, it is now set to expand its ground. Google has been approved to provide Chromebooks and Google Apps for Education to the New York City Department of Education. The NYC CIO has signed on with Google, adding Chromebooks and Google Apps for Education to the department's approved and supported (from an IT standpoint) tools for this school year. There is an NYC DoE Google Apps for Education Resource Center that helps teachers or anyone in their districts to get started.
This is very good for Google because now it can reach out to another 1 million plus students, in 1,800 schools with approval.
Google also worked hard on its end to ensure that Chromebooks and Google Apps for Education worked properly, by working with the OEMs who built Chromebooks to ensure that the devices meet the standard.