None of us like to think about our death or the death of a loved one, but death is one thing it’s important to prepare for. When it comes, you don’t want to be stuck trying to get into a loved one’s Gmail or Facebook account to shut things down. This graphic shows you what you’re in for, and what you—or your loved ones—should have ready. Read more…
Continue reading here:
This Graphic Shows What Happens to Your Social Accounts When You Die
Today, following an investigation to which the Microsoft Malware Protection Center (MMPC) contributed, the Microsoft Digital Crimes Unit initiated a disruption of the Jenxcus and Bladabindi malware families. These families are believed to have been created by individuals Naser Al Mutairi, aka njQ8, and Mohamed Benabdellah, aka Houdini. These actions are the first steps to stop the people that created, distributed, and assisted the propagation of these malware families. There are more details about the takedown itself in the latest blog from the Microsoft Digital Crimes Unit . At the MMPC we have been monitoring both malware families for some time. We have observed the Bladabindi family since at least July 2012. Jenxcus came onto the scene as early as December 2012. During the past year, Microsoft detected more than 7, 486, 833 instances of computers operating Microsoft Windows with some version of Bladabindi or Jenxcus. Figure 1: Heat map showing the global impact of Bladabindi and Jenxcus during the past year Figure 2: Machine encounters per month for Jenxcus Figure 3: Machine encounters per month for Bladabindi These families can install backdoor trojans on your computer, which allow criminals to steal your information, such as your passwords, and use your computer to collect other sensitive information. For example, Bladabindi can take snapshots and record videos without your permission. It can also control your system remotely. These backdoor trojans can also upload new components or malware to your computer to add more malicious functionality. They often communicate with hosts that are typically a Dynamic DNS service such as NO-IP because this makes them more difficult to trace. Figure 4: An example dashboard showing how an attacker controls infected machines Figure 5: The possible commands available to the malware writer These malware families spread primarily through social engineering techniques that try to trick unsuspecting victims into carrying out some action which results in their computer getting infected. For example, Bladabindi can be installed when you: Visit a hacked website. Click on a malicious link in a social media message. Receive and open an email “sent” by friends and family who have been infected with the malware. Bladabindi also plants files with enticing names and icons on removable media and linked drives to lure new victims. There are more example of these techniques in our blog MSRT January 2014 – Bladabindi . Most Jenxcus infections occur through torrents and websites when the malware is bundled with other programs or videos. Jenxcus also tries to trick you into installing it by pretending to be a Flash update that you need to install before watching a video. After infecting a computer, Jenxcus leaves enticing shortcut files on removable media that look like songs or other personal files. When opened these files run a copy of the malware. Through our research we have observed that there is information available in public online forums and group discussions, including tutorials, which allow anyone to download a package and create their own versions of the malware. This makes Bladabindi and Jenxcus a bit different from the previous botnets we have seen. A traditional botnet usually has one command-and-control (CNC) server to control all infected machines. In the case of Bladabinda and Jenxcus there can be a syndicate of botnets and thousands of botnet herders. Figure 6: The communication method of the CNC and the infected system Microsoft added Bladabindi to the Malicious Software Removal Tool in January 2014. Jenxcus was added to the MSRT in February 2014. However, with aggressive infection and distribution methods, the malware authors and the distribution system behind them have continued to affect thousands of Microsoft customers every day. Anyone concerned that their computer is infected with malware should follow the guidance available from the Microsoft Support Virus and Security Center . To help stay protected we also recommend you to install an up-to-date, real-time protection security product such as Microsoft Security Essentials . Tanmay Ganacharya and Francis Tan Seng MMPC
Original post:
Microsoft Digital Crimes Unit disrupts Jenxcus and Bladabindi malware families
Microsoft Millions of legitimate servers that rely on dynamic domain name services from No-IP.com suffered outages on Monday after Microsoft seized 22 domain names it said were being abused in malware-related crimes against Windows users. Microsoft enforced a federal court order making the company the domain IP resolver for the No-IP domains. Microsoft said the objective of the seizure was to identify and reroute traffic associated with two malware families that abused No-IP services. Almost immediately, end-users, some of which were actively involved in Internet security, castigated the move as heavy handed, since there was no evidence No-IP officially sanctioned or actively facilitated the malware campaign, which went by the names Bladabindi (aka NJrat) and Jenxcus (aka NJw0rm). “By becoming the DNS authority for those free dynamic DNS domains, Microsoft is now effectively in a position of complete control and is now able to dictate their configuration,” Claudio Guarnieri, co-founder of Radically Open Security, wrote in an e-mail to Ars Technica. “Microsoft fundamentally swept away No-IP, which has seen parts of its own DNS infrastructure legally taken away.” Read 6 remaining paragraphs | Comments
Read the article:
Millions of dymanic DNS users suffer after Microsoft seizes No-IP domains
Kevlangdo Researchers have warned of a vulnerability present on an estimated 10 percent of Android phones that may allow attackers to obtain highly sensitive credentials, including cryptographic keys for some banking services and virtual private networks, and PINs or patterns used to unlock vulnerable devices. The vulnerability resides in the Android KeyStore , a highly sensitive region of the Google-made operating system dedicated to storing cryptographic keys and similar credentials, according to an advisory published this week by IBM security researchers. By exploiting the bug, attackers can execute malicious code that leaks keys used by banking and other sensitive apps, virtual private network services, and the PIN or finger patterns used to unlock handsets. The advisory said Google has patched the stack-based buffer overflow only in version 4.4, aka KitKat, of Android. The remaining versions, which according to Google figures run 86.4 percent of devices , have no such fix. In an update, IBM said the vulnerability affected only version 4.3, which runs on about 10.3 percent of handsets. There are several technical hurdles an attacker must overcome to successfully exploit the vulnerability. Android is fortified with modern software protections, including data execution prevention and address space layout randomization, both of which are intended to make it much harder for hackers to execute code when they identify security bugs. Attackers would also have to have an app installed on a vulnerable handset. Still, the vulnerability is serious because it resides in KeyStore, arguably one of the most sensitive resources in the Android OS. In an e-mail, Dan Wallach , a professor specializing in Android security in the computer science department of Rice University, explained: Read 5 remaining paragraphs | Comments
See the original article here:
Serious Android crypto key theft vulnerability affects 10% of devices
An anonymous reader writes University of Cambridge scientists have broken a decade-old superconducting record by packing a 17.6 Tesla magnetic field into a golf ball-sized hunk of crystal — equivalent to about three tons of force. From the Cambridge announcement: “A world record that has stood for more than a decade has been broken by a team led by University of Cambridge engineers, harnessing the equivalent of three tonnes of force inside a golf ball-sized sample of material that is normally as brittle as fine china. The Cambridge researchers managed to ‘trap’ a magnetic field with a strength of 17.6 Tesla — roughly 100 times stronger than the field generated by a typical fridge magnet — in a high temperature gadolinium barium copper oxide (GdBCO) superconductor, beating the previous record by 0.4 Tesla.” Read more of this story at Slashdot.
View post:
Cambridge Team Breaks Superconductor World Record
Aurich Lawson Over the weekend, Steam’s annual summer video game sale posted its final list of bargains, gathering the two-week sale’s most popular discounts for one last hurrah. Steam sales veterans, heeding the usual advice of “wait until the last day,” responded in kind by storming the service during the sale’s final 24 hours. On Steam’s official statistics page, which logs the past 48 hours of activity, the service confirmed just how big that last hurrah was, counting over 8 million simultaneous live users on Sunday . That’s a new peak for the service, which had crossed the 7 million concurrent mark this past December. Valve Software, operators of the Steam store, announced during January’s Steam Dev Days that the service had reached 75 million active users, which comes shy of the 186 million accounts we measured in April . A NeoGAF thread talking about the Steam numbers showed that they compare well to Xbox Live’s 48 million members (both Gold and otherwise) as of May 2013 and PSN’s 110 million members as of July 2013. Read 1 remaining paragraphs | Comments
View post:
Steam reaches highest-ever concurrent user count at over 8 million
DroidJason1 writes One of Microsoft’s main goals with Windows 9, the next major version of Windows, is to win over Windows 7 hold outs. The operating system will look and work differently based on hardware type. Microsoft is looking to showcase the desktop for desktop and laptop users, while two-in-one devices like the Surface Pro or Lenovo Yoga will support switching between the Metro interface and the classic desktop interface. The new desktop will allow Modern UI apps to run in windowed mode, and have Modern UI apps pinned to the Start Menu instead of a Start Screen. There will also be a mini-start menu. Microsoft is looking to undo the usability mistakes it made with Windows 8 for those who are not on a touch device. WIndows 9 is expected around spring of 2015. Read more of this story at Slashdot.
View post:
Windows 9 To Win Over Windows 7 Users, Disables Start Screen For Desktop
Andrew Cunningham Apple today released iOS 7.1.2, the second minor update to iOS 7.1 . The list of changes is short and focused mainly on minor bugs—it “improves iBeacon connectivity and stability,” patches a security hold whereby at-rest e-mail attachments could be accessed by an attacker if he or she had physical access to your phone, and fixes a problem with data transfers from accessories “including barcode scanners.” The e-mail attachment bug is probably the most important thing addressed by the update—it was reported widely back in April when Andreas Kurtz wrote about it on his blog . Kurtz was able to access e-mail attachments using standard tools on several different iOS devices running versions 7.1.1 and 7.0.4. As part of the iBeacon update, iOS 7.1.2 also re-enables Bluetooth on iOS devices, which we verified on an iPhone 5S by disabling Bluetooth before installing the update. Read 1 remaining paragraphs | Comments
Read the original:
Apple releases iOS 7.1.2 with iBeacon, mail attachment encryption fixes
If you work in a lab, you’ve probably used lab glass made from quartz. But you probably haven’t realized that the reason those test tubes are so durable is exactly what makes them so hard to mold. These beautiful GIFs, shot at GE’s Global Research in upstate New York, shows exactly what it takes to make those beakers. Read more…
See original article:
The Beautiful Process of Turning Quartz Into Lab Glass at 3,000 Degrees
Brick-and-mortar book stores have clearly been on the decline for a while — just look at Barnes & Noble’s rocky finances . However, there’s now some tangible evidence that the pendulum has swung in favor of internet-based sales. BookStats estimates that US publishers made more money from online orders and e-books in 2013 ($7.54 billion) than they did from old-fashioned physical retail ($7.12 billion). While the difference isn’t huge, it suggests that a large chunk of the American population is content with buying books that it hasn’t seen in person. There is a bit of a dark cloud to this silver lining, at least for the booksellers. BookStats notes that e-book sales jumped about 10 percent to 512.7 million copies, but revenue was flat between 2012 and 2013; it may have been lower prices that triggered a surge in demand, not a renewed interest in going digital. With that said, researchers warn that their data doesn’t include books without ISBN numbers, so quite a few self-published e-books may have slipped through the cracks. Even with that wiggle room in the data, it’s evident that there’s a transition underway — you just shouldn’t expect to see the corner bookstore disappear overnight. [Image credit: Robert Michael/AFP/Getty Images] Filed under: Internet Comments Via: GigaOM Source: Book Industry Study Group
See the original post:
US book publishers now make more money from online sales than physical stores