style-details – Page 52 – Tech Today w/ Ken May

New Mac trojan tricks users into paying pricey cell phone fees

Doctor Web Researchers have discovered new Mac-based malware that’s designed to trick users into paying pricey subscription fees. Dubbed Trojan.SMSSend.3666, the trojan masquerades as “VKMusic 4 for Mac,” a name that closely resembles an app used to listen to music on a popular Russian social networking site, according to a report published on Wednesday by Russia-based antivirus provider Doctor Web. An installer prompts users for a cell phone number, purportedly as part of the registration process. Users who respond to a subsequent text message then receive a bill charged to their mobile account. “Trojans of this family used to plague Windows users, but Trojan.SMSSend.3666 targets owners of Apple computers,” Wednesday’s advisory stated. Read 1 remaining paragraphs | Comments

FBI snares $850 million Butterfly botnet ring with help of Facebook

On Tuesday, the FBI announced that it had arrested ten people connected to a botnet that had spread through Facebook. Spread by a virus targeting Facebook users, the botnet caused over $850 million in losses to financial institutions, infected over 11 million computers, and stole credit card and bank account data. The botnet itself was shut down in October, according to an FBI statement. This is the second major outbreak of botnets based on the Butterfly (aka Mariposa) bot tool. The first incarnation, discovered in December 2008 and shut down a year later, infected over 12 million PCs worldwide and was spread primarily through file-sharing and instant messaging attacks. It also harvested financial information from over 800,000 victims. In the latest incarnation of Butterfly, the botnet spread itself using variants of Yahos, a virus that spreads itself by sending links via social networks and instant messaging. Victims clicked on the link, launching Yahos’ attack. The malware, which in some variants disguised itself as an NVIDIA video driver , then downloaded and installed the botnet controls and browser exploits that captured users’ credit card and bank account information. The spread of viruses like Yahos prompted Facebook to partner with McAfee in 2010 to provide tools to users to clean infected systems. Read 1 remaining paragraphs | Comments

View article:
FBI snares $850 million Butterfly botnet ring with help of Facebook

FreedomPop launches free home wireless to compete with low-end DSL

FreedomPop’s new Hub Burst will begin shipping in January 2013. FreedomPop Just over three months after launching its free portable hotspot , FreedomPop now says its ready for the second phase of its expansion plan—a free home wireless connection. Like its portable device, which requires an $89 deposit to get 500MB of free mobile data over WiMAX, this new device (also with an $89 deposit) will offer 1GB of free data in nearly all of the 80 largest urban markets across the United States. “You’ll get speeds of 9 to 12Mbps when it’s fully optimized,” FreedomPop’s CEO Stephen Stokols told Ars, saying that it would be comparable to DSL. Read 13 remaining paragraphs | Comments

California law enforcement moves to buy drones, draws controversy

UAV set up for Wylye intersection. QinetiQ group Since Congress passed legislation in February ordering the Federal Aviation Administration to fast-track the approval of unmanned aerial vehicles—more colloquially known as drones—for use by law enforcement agencies, police and sheriff departments across the country have been scrambling to purchase the smaller, unarmed cousins of the Predator and Reaper drones which carry out daily sorties over Afghanistan, Yemen, and other theaters of operation. Alameda County in California has become one of the central battlegrounds over the introduction of drones to domestic police work. Earlier this year , Alameda County Sheriff Gregory Ahern raised the hackles of local civil libertarians (and there are quite a few of those in the county, which encompasses Berkeley and Oakland) by declaring his intention to purchase a drone to assist with “emergency response.” According to Ahern, Alameda Sheriff’s personnel first tested a UAV in fall 2011 and gave a public demonstration of the machine’s usefulness for emergency responses during the Urban Shield SWAT competition in late October. Were Alameda County to purchase a drone, it would set a precedent in California, which has long been an innovator in law enforcement tactics: from SWAT teams (pioneered in Delano and Los Angeles) to anti-gang tactics such as civil injunctions. The first documented incident of a drone being used to make an arrest in the United States occurred in North Dakota in June 2011, when local police received assistance from an unarmed Predator B drone that belonged to US Customs and Border Protection . The Federal Bureau of Investigation and Drug Enforcement Administration have also reportedly used drones for domestic investigations. Read 7 remaining paragraphs | Comments

Read this article:
California law enforcement moves to buy drones, draws controversy

Why Gmail went down: Google misconfigured load balancing servers

Portions of the Internet panicked yesterday when Gmail was hit by an outage that lasted for an agonizing 18 minutes . The outage coincided with reports of Google’s Chrome browser crashing. It turns out the culprit was a faulty load balancing change that affected products including Chrome’s sync service, which allows users to sync bookmarks and other browser settings across multiple computers and mobile devices. Ultimately, it was human error. Google engineer Tim Steele explained the problem’s origins in a developer forum : Chrome Sync Server relies on a backend infrastructure component to enforce quotas on per-datatype sync traffic. That quota service experienced traffic problems today due to a faulty load balancing configuration change. That change was to a core piece of infrastructure that many services at Google depend on. This means other services may have been affected at the same time, leading to the confounding original title of this bug [which referred to Gmail]. Because of the quota service failure, Chrome Sync Servers reacted too conservatively by telling clients to throttle “all” data types, without accounting for the fact that not all client versions support all data types. The crash is due to faulty logic responsible for handling “throttled” data types on the client when the data types are unrecognized. If the Chrome sync service had gone down entirely, the Chrome browser crashes would not have occurred, it turns out. “In fact this crash would *not* happen if the sync server itself was unreachable,” Steele wrote. “It’s due to a backend service that sync servers depend on becoming overwhelmed, and sync servers responding to that by telling all clients to throttle all data types (including data types that the client may not understand yet).” Read 4 remaining paragraphs | Comments

How Windows tech support scammers walked right into a trap set by the feds

Aurich Lawson Three weeks ago, Jack Friedman got a call from a man with an Indian accent claiming to be from the Windows technical team at Microsoft. Friedman, a Florida resident who is my friend Elliot’s grandfather, was told by “Nathan James” from Windows that he needed to renew his software protection license to keep his computer running smoothly. “He said I had a problem with my Microsoft system,” Friedman told me. “He said they had a deal for $99, they would straighten out my computer and it will be like brand new.” Friedman’s three-year-old Windows Vista computer was running a bit slow, as many PCs do. Friedman is often suspicious of unsolicited calls, but after talking with Nathan on the phone and exchanging e-mails, he says, “I figured he was a legitimate guy.” Friedman handed over his Capital One credit card number, and the “technician” used remote PC support software to root around his computer for a while, supposedly fixing whatever was wrong with it. “I could see my arrow going all over the place and clicking different things on my computer,” Friedman said. But that $99 Capital One credit card charge turned into a $495 wire transfer. Then Bank of America’s fraud department called Friedman, and said, “somebody is trying to get into your account.” Whoever it was had entered the wrong password multiple times, and as a precaution Friedman’s checking account was shut down. Read 35 remaining paragraphs | Comments

More:
How Windows tech support scammers walked right into a trap set by the feds

Sophisticated botnet steals more than $47M by infecting PCs and phones

Behold—the Eurograbber, visualized. Aurich Lawson / Thinkstock A new version of the Zeus trojan—a longtime favorite of criminals conducting online financial fraud—has been used in attacks on over 30,000 electronic banking customers in Europe, infecting both their personal computers and smartphones. The sophisticated attack is designed to circumvent banks’ use of two-factor authentication for transactions by intercepting messages sent by the bank to victims’ mobile phones. The malware and botnet system, dubbed “Eurograbber” by security researchers from Check Point Software and Versafe, was first detected in Italy earlier this year. It has since spread throughout Europe. Eurograbber is responsible for more than $47 million in fraudulent transfers from victims’ bank accounts, stealing amounts from individual victims that range from 500 Euros (about $650) to 25,000 Euros (about $32,000), according to a report published Wednesday (PDF) . The malware attack begins when a victim clicks on a malicious link, possibly sent as part of a phishing attack. Clicking on the link directs them to a site that attempts to download one or more trojans: customized versions of Zeus and its SpyEye and CarBerp variants that allow attackers to record Web visits and then inject HTML and JavaScript into the victim’s browser. The next time the victim visits their bank website, the trojans capture their credentials and launch a JavaScript that spoofs a request for a “security upgrade” from the site, offering to protect their mobile device from attack. The JavaScript captures their phone number and their mobile operating system information—which are used in the second level of Eurograbber’s attack. Read 3 remaining paragraphs | Comments

Visit site:
Sophisticated botnet steals more than $47M by infecting PCs and phones

Windows 8 takes 1 percent of Web usage as Internet Explorer gains

Enlarge Net Marketshare November saw Firefox climb back up above 20 percent, Internet Explorer grow further still, and Chrome apparently suffer a surprisingly sharp drop. Enlarge Net Marketshare Enlarge Net Marketshare Internet Explorer was up 0.63 points at 54.76 percent, its highest level since October 2011. Firefox was up 0.45 points to 20.44 percent, all but erasing the last six month’s losses. Chrome, surprisingly, was down a whopping 1.31 points to 17.24 percent, its lowest level since September 2011. We’ve asked Net Applications, the source we use for browser market share data, if it has made any change in its data collection that might account for this large Chrome drop. The company attributed this in part to the exclusion of Chrome’s pre-rendering data. It estimates that 11.1 percent of all Chrome pageviews are a result of pre-rendering (where Chrome renders pages that aren’t currently visible just in case the user wants to see them) and accordingly excluded this from its figures. Read 4 remaining paragraphs | Comments

View the original here:
Windows 8 takes 1 percent of Web usage as Internet Explorer gains

Google, Microsoft, PayPal, other Romanian sites hijacked by DNS hackers

For a brief time, people trying to visit google.ro on Wednesday were connected to this page instead. Kaspersky Labs Romanian websites for Google, Microsoft, Yahoo, PayPal, and other operators were briefly redirected to a rogue server on Wednesday. The redirect is most likely a result of a decade-old hacking technique that underscores the fragility of the Internet’s routing system. For a span of one to several hours on Wednesday morning, people typing Google.ro , Yahoo.ro , and Romanian-specific addresses for other sites connected to a website that was purportedly run by an Algerian hacker, according to numerous security blog posts, including this one from Kaspersky Lab. Researchers said the most likely explanation for the redirection is a technique known as DNS poisoning, in which domain name system routing tables are tampered with, causing domain names to resolve to incorrect IP addresses. DNS poisoning first came to light in the mid-1990s when researchers discovered that attackers could inject spoofed IP addresses into the DNS resolvers belonging to Internet service providers and large organizations. The servers would store the incorrect information for hours or days at a time, allowing the attack to send large numbers of end users to websites that install malware or masquerade as banks or other trusted destinations. Over the years, DNS server software has been updated to make it more resistant to the hack, most recently in 2008, when numerous providers introduced fixes to patch a DNS cache poisoning vulnerability discovered by researcher Dan Kaminsky. Read 3 remaining paragraphs | Comments

Continue reading here:
Google, Microsoft, PayPal, other Romanian sites hijacked by DNS hackers

Review: 3M Streaming Projector is good, but not perfect

What happens when you combine a 4.3 x 4.2 x 2 inch projector with a wealth of streaming content services? You get the handheld, portable Streaming Projector by 3M and Roku. The two companies have teamed up to offer the best of each of their worlds in one compact package. While overall it’s a useful device, it does have a couple of kinks that need to be worked out. The 3M Streaming Projector is a neat idea, especially in a world overrun by set-top boxes. Pocket projectors have been around for a while now, so this isn’t an entirely new concept. But rather than having to connect the projector to an external device—like a smartphone or computer, the included Roku streaming stick provides the content. The projector also features dual-band Wi-Fi, so it has the same functionality as a Roku box, though its output is blown up all over the wall. Design The projector is rated at 60 lumens. The 3M Streaming Projector is easy to cart around. It’s small enough stick in a laptop bag or a purse to bring over to a friend’s house. The device features two volume buttons, as well as buttons to power on the device, sift through settings, and check on things like battery power and brightness. On one side of the projector, there’s a plug for the power supply, as well as an audio out to plug in headphones or an external speaker system. On the other side, there’s a wheel to adjust the focus of the picture to ensure that movies and slide shows aren’t blurry. The Streaming Projector can be mounted on a tripod via a ventral screw-hole, should there be a lack of tables high enough to properly display the picture on a blank wall. Read 13 remaining paragraphs | Comments

Continue Reading:
Review: 3M Streaming Projector is good, but not perfect