Tag: california

Point-of-sale malware infecting Target found hiding in plain sight

Cyberslayer Independent security journalist Brian Krebs has uncovered important new details about the hack that compromised as many as 110 million Target customers, including the malware that appears to have infected point-of-sale systems and the way attackers first broke in. According to a post published Wednesday to KrebsOnSecurity, point-of-sale (POS) malware was uploaded to Symantec-owned ThreatExpert.com on December 18, the same day that  Krebs broke the news of the massive Target breach . An unidentified source told Krebs that the Windows share point name “ttcopscli3acs” analyzed by the malware scanning website matches the sample analyzed by the malware scanning website . The thieves used the user name “Best1_user” to log in and download stolen card data. Their password was “BackupU$r”. KrebsonSecurity The class of malware identified by Krebs is often referred to as a memory scraper, because it monitors the computer memory of POS terminals used by retailers. The malware searches for credit card data before it has been encrypted and sent to remote payment processors. The malware then “scrapes” the plain-text entries and dumps them into a database. Krebs continued: Read 2 remaining paragraphs | Comments

Continue reading here:
Point-of-sale malware infecting Target found hiding in plain sight

Google Play Movies & TV comes to iOS, minus the store and offline support

Google loves itself some iOS apps. Its newest addition to Apple’s platform is Google Play Movies & TV , Google’s video content store. To call the app a “store” on iOS is a bit of a misnomer, as buying content from the iOS app isn’t possible, thanks to Apple’s restrictions. What it  can do is play existing content that you’ve purchased on an Android device or through the Google Play Web interface . There isn’t much to the app. Movies and TV shows are broken out into separate categories, and everything is displayed as a large thumbnail. The individual content pages show a short description, a minimal list of credits, and the all-important “play” button. The app supports Google’s Chromecast via a button in the top right corner, and that’s about it. It’s simple, but a movie player doesn’t really need to be complicated. Compared to the Android version, there are a few things missing. The lack of a store means Google’s recommendation engine is missing too, which leads to of a lot of blank-looking pages. The biggest omission is offline support—there is no way to download a video for later offline viewing, so make sure you have a great Internet connection before pressing “play.” In fact, the app doesn’t work over a cellular connection at all—Wi-Fi is required. Read 2 remaining paragraphs | Comments

Visit site:
Google Play Movies & TV comes to iOS, minus the store and offline support

Critical Microsoft, Adobe, and Oracle updates: Like dental floss for your PC

drueckert.com I was still wiping the sleep from my eyes this morning when the nagging voice kicked in: before trawling the Internet for news, you better install yesterday’s security updates. It wasn’t a pleasant thought, given the raft of patches released yesterday by Microsoft, Adobe, and Oracle for a variety of products. But as someone who has covered computer security for eight years, I’ve come to make updating a top priority. And for good reason. A large percentage of the booby-trapped websites that surreptitiously install malware on visitors’ machines exploit vulnerabilities that have already been patched. The recent hack on Yahoo’s ad network , for instance, targeted two security flaws in the Java software framework that Oracle had fixed 17 and 24 months ago, Trend Micro reported in a blog post . Those who visited compromised Yahoo servers with up-to-date systems were immune to those attacks. By contrast, people using unpatched software were exposed to malicious payloads that installed the Dorkbot and Gamarue trojans, as well as malware that turned visitors’ machines into Bitcoin miners. Read 5 remaining paragraphs | Comments

See the original post:
Critical Microsoft, Adobe, and Oracle updates: Like dental floss for your PC

New DoS attacks taking down game sites deliver crippling 100Gbps floods

Online gamers such as these ones often stream their play in real time. Twitch Recent denial-of-service attacks taking down League of Legends and other popular gaming services are doing more than just wielding a never-before-seen technique to vastly amplify the amount of junk traffic directed at targets. In at least some cases, their devastating effects can deprive celebrity game players of huge amounts of money. As Ars reported last week, the attacks are abusing the Internet’s Network Time Protocol (NTP), which is used to synchronize computers to within a few milliseconds of Coordinated Universal Time . A command of just 234 bytes is enough to cause some NTP servers to return a list of up to 600 machines that have previously used its time-syncing service. The dynamic creates an ideal condition for DoS attacks. Attackers send a modest-sized request to NTP servers and manipulate the commands to make them appear as if they came from one of the targeted gaming services. The NTP servers, which may be located in dozens or even hundreds of locations all over the world, in turn send the targets responses that could be tens or hundreds of times bigger than the spoofed request. The technique floods gaming servers with as much as 100Gbps, all but guaranteeing that they’ll be taken down unless operators take specific precautions ahead of time. Among the targets of this new type of attack are game servers used by celebrity players who broadcast live video streams of their gaming prowess that are viewed as many as 50,000 times. In some cases, the massive audiences translate into tens of thousands of dollars per month, as ads are displayed beside video feeds of the players blowing away opponents in Dota 2 and other games. Read 8 remaining paragraphs | Comments

Excerpt from:
New DoS attacks taking down game sites deliver crippling 100Gbps floods

Powerful new planet finder snaps a direct image of an exoplanet

After 10 years of painstaking development, the Gemini Planet Imager has returned its first image of a distant exoplanet. Behold Beta Pictoris b, a massive planet several times larger than Jupiter — and over 63 light-years from Earth. Read more…        

Visit site:
Powerful new planet finder snaps a direct image of an exoplanet

Imagination Technologies boosts GPU speeds by 50 percent with Series 6XT

Imagination Technologies While most companies are withholding their big phone and tablet-related news until Mobile World Congress next month, this year’s CES is shaping up to be a busy one for mobile chip designers. Nvidia unveiled the latest version of its Tegra SoC last night, and this morning Imagination Technologies took the wraps off of some new graphics IP for mobile chips. There are two new designs being announced today, both relatives to the PowerVR Series 6 GPUs that are beginning to ship in phones and tablets today. At the top-end is the new PowerVR Series 6XT , which promises a 50 percent performance improvement and better power consumption compared to Series 6. These improvements come entirely from architectural optimizations, not more execution resources—the new GX6250, GX6450, and GX6460 parts use two, four, and six of Imagination’s “computer clusters,” the same number available in Series 6 GPUs. There’s also a GX6240 part, which uses two clusters but is “area-optimized” to take up less space in an SoC die. Like Series 6, Series 6XT supports DirectX 10, OpenGL ES 3.0 , and OpenCL 1.x on the API side. The Series 6XT GPU. The other GPU design being announced today is the Series 6XE series, which are being targeted to especially inexpensive or small SoCs. The G6050 and G6060 are both “half-cluster” parts—the two chips are identical aside from the G6060’s PVIRC2 lossless image compression support. The G6100 and G6110 are single cluster parts, again differentiated by PVIRC2 support in the G6110. The GPUs support only DirectX 9 shader model 3, a step down from the Series 6 and Series 6XT parts, but still support OpenGL ES 3.0 and OpenCL 1.x. Read 1 remaining paragraphs | Comments

Continue Reading:
Imagination Technologies boosts GPU speeds by 50 percent with Series 6XT

Researchers warn of new, meaner ransomware with unbreakable crypto

Security researchers have uncovered evidence of a new piece of malware that may be able to take gigabytes’ worth of data hostage unless end users pay a ransom. Discussions of the new malware, alternately dubbed PrisonLocker and PowerLocker, have been occurring on underground crime forums since November, according to a blog post published Friday by Malware Must Die, a group of researchers dedicated to fighting online crime. The malware appears to be inspired by CryptoLocker, the malicious software that wreaked havoc in October when it used uncrackable encryption to lock up victims’ computer files until they paid hundreds of dollars for the decryption key. PowerLocker could prove an even more potent threat because it would be sold in underground forums as a DIY malware kit to anyone who can afford the $100 for a license, Friday’s post warned. CryptoLocker, by contrast, was custom built for use by a single crime gang. What’s more, PowerLocker might also offer several advanced features, including the ability to disable the task manager, registry editor, and other administration functions built into the Windows operating system. Screen shots and online discussions also indicate the newer malware may contain protections that prevent it from being reverse engineered when run on virtual machines. Read 1 remaining paragraphs | Comments

View original post here:
Researchers warn of new, meaner ransomware with unbreakable crypto

Putting Windows and Android on the same PC doesn’t solve anyone’s problems

PC makers at CES may announce Windows PCs that run Android apps. But should you do something just because you can? Andrew Cunningham CES begins in just a few short days, but rumors about what we’ll be seeing there are already in full-swing. It’s a fair bet that the usual suspects will show up—phones, tablets, PCs, maybe even a Linux-powered gun or two—but the things that stick out usually end up being the Flavors of the Year. These are often technologies that are cool in theory but fail to light the world on fire in practice. Netbooks, 3D TVs, and the first run of Android tablets are all members of this illustrious group, and so far baubles like 4K TVs and smartwatches look like worthy heirs to the throne. One such upcoming flavor, according to a report from The Verge , is an Intel-backed initiative that combines Windows 8.1 and Android on the same device. Rather than combine an Android tablet with a Windows PC like Asus’ Transformer Book Trio , these computers will seamlessly run Android apps within a Windows environment, probably by way of a virtualization layer like Bluestacks . This idea is in no way new, though the report suggests that a larger push is imminent. The initiative makes some sense for Intel and the OEMs. For Intel, it’s a way to offer tablet makers something that they can’t get from ARM chips like those from Qualcomm or Nvidia: the ability to provide full Windows 8.1 app compatibility combined with Android app compatibility. For the OEMs, it’s (theoretically) a way to patch gaps in Windows 8.1’s improving-but-spotty app store by giving consumers Android tablet apps that they (theoretically) know and love. Read 7 remaining paragraphs | Comments

Follow this link:
Putting Windows and Android on the same PC doesn’t solve anyone’s problems

GOG’s managing director: Gamer resistance to DRM is stronger than ever

GOG.com’s Guillaume Rambourg giving Jenga advice. Digital games distribution site GOG (Good Old Games) has spent the last five years offering classic videogame titles DRM-free to its customers. Earlier in 2013, the site launched an indie publishing platform which allowed independent developers to submit their games for sale through GOG—an alternative to Steam’s contentious Greenlight initiative . Wired.co.uk spoke to Guillaume Rambourg, managing director of GOG.com, to discuss DRM, anti-sales, and why exactly the site was offering the original Fallout games free of charge. Wired.co.uk: What was the story behind setting up the GOG.com website? Rambourg: It all began in the mid-90s, when friends Marcin Iwinski and Michal Kicinski started their business as retail distributors in Poland. Back then, Poland was a very highly pirated market, with most gamers using outdated hardware and not having too much money to spend on games. That’s a tough market to break into: one where people aren’t used to paying for games. Read 32 remaining paragraphs | Comments

Read the original:
GOG’s managing director: Gamer resistance to DRM is stronger than ever

Why NSA spied on inexplicably unencrypted Windows crash reports

The National Security Agency’s X-KEYSCORE program gives the spy agency access to a wide range of Internet traffic. Any information that isn’t encrypted is, naturally, visible to passive Internet wiretaps of the kind the NSA and other intelligence agencies use. This in turn will typically expose such things as e-mails, online chats, and general browsing behavior. And, according to slides published this weekend by Der Spiegel , this information also includes crash reports from Microsoft’s Windows Error Reporting facility built in to Windows. These reports will tell eavesdroppers what versions of what software someone is running, what operating system they use, and whenever that software has crashed. Windows also sends messages in the clear whenever a USB or PCI device is plugged in as part of its hunt for suitable drivers. Read 3 remaining paragraphs | Comments

Read the original:
Why NSA spied on inexplicably unencrypted Windows crash reports