Media devices sold to feds have hidden backdoor with sniffing functions

A company that supplies audio-visual and building control equipment to the US Army, the White House, and other security-conscious organizations built a deliberately concealed backdoor into dozens of its products that could possibly be used to hack or spy on users, security researchers said. Members of Australia-based security firm SEC Consult said they discovered the backdoor after analyzing the AMX NX-1200, a programmable device used to control AV and building systems. The researchers first became suspicious after encountering a function called “setUpSubtleUserAccount” that added a highly privileged account with a hard-coded password to the list of users authorized to log in. Unlike most other accounts, this one had the ability to capture data packets flowing between the device and the network it’s connected to. “Someone with knowledge of the backdoor could completely reconfigure and take over the device and due to the highest privileges also start sniffing attacks within the network segment,” SEC Consult researcher Johannes Greil told Ars. “We did not see any personal data on the device itself, besides other user accounts which could be cracked for further attacks.”


Security firm sued for filing “woefully inadequate” forensics report

A Las Vegas-based casino operator has sued security firm Trustwave for conducting an allegedly “woefully inadequate” forensics investigation that missed key details of a network breach and allowed credit card thieves to maintain their foothold during the course of the two-and-a-half month investigation. In a legal complaint filed in federal court in Las Vegas, Affinity Gaming said it hired Trustwave in October 2013 to investigate and contain a network breach that allowed attackers to obtain customers’ credit card data. In mid-January 2014, Trustwave submitted a report required under payment card industry security rules on all merchants who accept major credit cards. In the PCI forensics report, Trustwave said it had identified the source of the data breach and had contained the malware responsible for it. More than a year later, after Affinity was hit by a second credit card breach, the casino operator allegedly learned from Trustwave competitor Mandiant that the malware had never been fully removed. According to the December 2015 complaint:


Multi-gigabit cable modems ready to help you blow past your data cap

Next-generation cable modems that can deliver multi-gigabit speeds have been certified by CableLabs, the cable industry’s research and development lab. The new modems use version 3.1 of DOCSIS (the Data Over Cable Service Interface Specification), cable’s answer to fiber Internet speeds. The first DOCSIS 3.1 certifications were earned by Askey, Castlenet, Netgear, Technicolor, and Ubee Interactive, according to the announcement by CableLabs. The group’s testing confirms that the modems comply with the new DOCSIS spec. DOCSIS 3.1 reduces network latency and will enable “high-speed applications including Virtual and Augmented Reality, advanced video technologies such as Ultra High Definition 4K television, tele-existence and medical imaging, and gaming,” CableLabs said.


David Bowie’s ISP, as remembered by the guy who helped create “BowieNet”

When David Bowie became an Internet service provider in 1998, a man named Ron Roy helped him start the business. Now, three days after the legendary musician’s death at age 69, we’ve interviewed Roy about how “BowieNet” came to life and why it was so important to the artist. “David was tremendously involved from day one,” Roy told Ars via e-mail. Roy appeared in some of the first press releases that followed BowieNet’s US and UK launches; we tracked him down at his current business, Wines That Rock. It was a lot easier to become an Internet service provider in 1998 than it is today. Instead of the enormous expense of deploying fiber or cable throughout a city, ISPs could spring to life by selling dial-up connections to anyone with a telephone line. BowieNet’s dial-up service sold full access to the Internet for $19.95 a month (or £10.00 in the UK), but it was also a fan club that provided exclusive access to David Bowie content such as live video feeds from his studio. Customers who already had a dial-up Internet provider and didn’t want to switch could buy access to BowieNet content separately for $5.95 a month. BowieNet had about 100,000 customers at its peak, Roy said.


Big names gamble big bucks on blood tests for early cancer detection

Forget biopsies, ultrasounds, mammograms, pap smears, rectal exams, and other unpleasant cancer screenings—the race is now on for simple, affordable blood tests that can detect all sorts of cancers extremely early. On Sunday, genetic sequencing company Illumina Inc. announced the start of a new company called Grail, which will join dozens of companies developing such blood tests. Toting big-name investors including Microsoft co-founder Bill Gates and Amazon founder Jeff Bezos, Illumina’s high-profile startup raised more than $100 million to get Grail going. The company hopes that Grail’s tests will be on the market by 2019 and cost around $500 a pop. Though researchers have recently questioned the benefits of early cancer screening—showing in some cases that early detection does not generally save lives—Illumina is confident that the science behind the blood-based screens is at least possible. Illumina Chief Executive Jay Flatley, who will be Grail’s chairman, said Illumina has been working on the tests for about a year and a half. “We’ve made tremendous progress, which gives us the confidence that we can get to the endpoint that we expect.”


Intel Skylake bug causes PCs to freeze during complex workloads

Intel has confirmed that its Skylake processors suffer from a bug that can cause a system to freeze when performing complex workloads. Discovered by mathematicians at the Great Internet Mersenne Prime Search (GIMPS), the bug occurs when using the GIMPS Prime95 application to find Mersenne primes. “Intel has identified an issue that potentially affects the 6th Gen Intel Core family of products. This issue only occurs under certain complex workload conditions, like those that may be encountered when running applications like Prime95. In those cases, the processor may hang or cause unpredictable system behaviour.” Intel has developed a fix, and is working with hardware partners to distribute it via a BIOS update.


Latest tech support scam stokes concerns Dell customer data was breached

Tech-support scams, in which fraudsters pose as computer technicians who charge hefty fees to fix non-existent malware infections, have been a nuisance for years. A relatively new one targeting Dell computer owners is notable because the criminals behind it use private customer details to trick their marks into thinking the calls come from authorized Dell personnel. “What made the calls interesting was that they had all the information about my computer; model number, serial number, and notably the last item I had called Dell technical support about (my optical drive),” Ars reader Joseph B. wrote in an e-mail. “That they knew about my optical drive call from several months prior made me think there was some sort of information breach versus just my computer being compromised.” He isn’t the only Dell customer reporting such an experience. A blog post published Tuesday reported scammers knew of every problem the author had ever called Dell about. None of those problems were ever discussed in public forums, leading the author to share the suspicion that proprietary Dell data had somehow been breached.


T-Mobile added another 8.3 million customers in 2015

T-Mobile USA added 8.3 million customers last year, including 2.1 million in the fourth quarter, solidifying its position as the country’s number three wireless carrier ahead of Sprint and behind Verizon Wireless and AT&T. T-Mobile had 63.3 million customers as of December 31, 2015, up from 55 million customers at the end of 2014, the company announced today in a preliminary earnings report. In total, T-Mobile now has 29.4 million postpaid phone customers, 2.3 million postpaid mobile broadband customers, 17.6 million prepaid customers, and 14 million wholesale customers. This was the second consecutive year that T-Mobile boosted its customer total by more than 8 million. T-Mobile has also improved its churn rate—the percentage of subscribers who discontinued service—meaning that fewer customers are leaving for other carriers.


First known hacker-caused power outage signals troubling escalation

Highly destructive malware that infected at least three regional power authorities in Ukraine led to a power failure that left hundreds of thousands of homes without electricity last week, researchers said. The outage left about half of the homes in the Ivano-Frankivsk region of Ukraine without electricity, Ukrainian news service TSN reported in an article posted a day after the December 23 failure. The report went on to say that the outage was the result of malware that disconnected electrical substations. On Monday, researchers from security firm iSIGHT Partners said they had obtained samples of the malicious code that infected at least three regional operators. They said the malware led to “destructive events” that in turn caused the blackout. If confirmed, it would be the first known instance of someone using malware to generate a power outage. “It’s a milestone because we’ve definitely seen targeted destructive events against energy before—oil firms, for instance—but never the event which causes the blackout,” John Hultquist, head of iSIGHT’s cyber espionage intelligence practice, told Ars. “It’s the major scenario we’ve all been concerned about for so long.”


Yandex worker stole search engine source code, tried selling for just $28K

An employee of Russia’s Internet giant Yandex, Dmitry Korobov, stole the source code of its search engine and tried to sell it on the black market to fund his own startup, according to a report by the Russian newspaper Kommersant. A Russian court has found Korobov guilty and handed down a suspended sentence of two years in jail. The Kommersant investigation revealed that Korobov downloaded a piece of software codenamed Arcadia from Yandex’s servers, which contained the source code and algorithms of the company’s search engine. Later on, he tried to sell it to an electronics retailer called NIX, where a friend of his allegedly worked. Korobov also trawled the darknet in search of potential buyers. Korobov put a surprisingly low price on the code and algorithms, asking for just $25,000 and 250,000 Russian rubles, or about £27,000 in total. There’s no information on Korobov’s position within the company, but it appears that he wasn’t aware that the data he had in his possession could be worth much more.
