
Tuesday, February 19, 2013

Security firm releases screen capture video of alleged Chinese military hackers at work

Security firm Mandiant has released a damning report offering unprecedented evidence, including screen capture video, of the actions of an alleged Chinese military-backed hacking group.

The report, titled “APT1: Exposing One of China’s Cyber Espionage Units”, tracks the cyber espionage group dubbed Advanced Persistent Threat 1 as far back as 2006.

“Our analysis has led us to conclude that APT1 is likely government-sponsored and one of the most persistent of China’s cyber threat actors,” Mandiant wrote.

More specifically, the group is believed to be the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department, also known as Unit 61398.

Appendices attached to the report include thousands of indicators of APT1’s methods, including domain names and IP addresses.

Working off an advance copy of the report, The New York Times followed the trail to buildings in Shanghai believed to house the unit. When the Times encountered persistent attacks from Chinese hackers last year, it worked with Mandiant to monitor and block the intrusions.

While Chinese officials have dismissed the claims of state-sponsored hacking as “groundless”, numerous media organizations, including Bloomberg and The Wall Street Journal, and companies have come forward to state that they faced similar attacks.

The PLA has long been suspected of orchestrating complicated cyber-attacks against foreign governments and corporations, but public evidence backing up those suspicions has been lacking. As such, Mandiant’s report stands as some of the most compelling proof of the Chinese hacking apparatus available to civilians.

If you’re interested in reading the full report, you can access it here.

This Is the Site Likely Responsible for the Recent Major Tech Company Hacks

Apple, Facebook, Twitter — all hacked. And there’s probably more to come.

In the spate of large companies hacked in recent weeks, it seems that many of them have one thing in common. Many have visited one compromised Web site specifically devoted to sharing information related to mobile development — and it’s not just tech companies visiting the site.

The site is called iPhoneDevSdk, according to sources close to the Facebook hacking investigation. It’s a hub for many companies concentrated on the mobile space.

After Facebook employees visited the mobile development site in recent weeks, malicious code injected into the HTML of the site used an exploit in Oracle’s Java plugin to infect employee laptops, as the company divulged last Friday.

When asked for comment on the site in question, Facebook referred us back to the company’s blog post from last week, without going into further detail.

Of note: Do not visit this site, as it may continue to be compromised. While it’s potentially risky to publicize the Web site, AllThingsD is providing the name to inform readers, developers and organizations interested in mobile development in order to keep them from becoming infected.
It is likely also the Web site responsible for the recent hack of Apple employee laptops, as the company announced on Tuesday. “Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plugin for browsers,” the company said in a statement to AllThingsD provided earlier this morning.

Apple did not immediately respond to a request for comment on whether or not the iphonedevsdk site was involved in its hack.

It could also be the common thread behind the recent Twitter hack, which potentially compromised the accounts of 250,000 Twitter users. In the language of Twitter’s blog post, head of information security Bob Lord reminded users to disable Java inside of their browsers, a hint that this could be related to the Facebook and Apple hacks.

Apple also released a security update software patch to users on Tuesday which addresses the Java exploit, another indication that the iPhoneDev site is responsible for the company’s hack.
Twitter did not respond to a request for comment.

The hack is different from many familiar modes of attacking individual users and companies. It’s called a “watering hole” attack, in that it’s a centralized, popular location which many people visit across multiple industries.

“Everyone knows about spear phishing now,” said Joe Sullivan, Facebook’s chief security officer, in an interview with AllThingsD last week. “But being able to target a site on the Internet — it’s a really interesting idea that you could target people from there. You don’t have to get someone to open the email or click on the link.”

Or as independent security researcher Ashkan Soltani told us last week: “Rather than attack individual developers, they’ve poisoned the well.”

The type of attack has been used in other recent high-profile hacks. In December of last year, a watering-hole hack was discovered on the Council of Foreign Relations website, a Washington, D.C.-based think tank whose influence is widespread in “journalist, business and education circles.”

But the attack on mobile developers is potentially even more worrisome: The iPhoneDevSDK website isn’t just for tech-focused companies working on mobile apps. It’s an iPhone-specific site that any organization interested in mobile could benefit from visiting. And as Facebook said in its recent blog post, “Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently as well.”

The implications loom large. As the tide has shifted over the past few years and more people have moved to using smartphones and tablets for their computing needs, countless numbers of major companies and organizations have invested heavily in mobile application development. Imagine how many visited the site and could unknowingly be affected.

“It’s the type of forum that anyone who was building apps for mobile devices would visit,” Facebook’s Sullivan told AllThingsD. “It’s pretty popular for sharing tips, tricks, etc.”
So going forward, the question now isn’t what company is next, but rather who’s willing to admit it next?

“I truly believe we’re going to see quite a bit more of these announcements as companies start to get smarter and look more closely at their systems,” Soltani told AllThingsD in a previous interview.
Now, “It’s not a matter of whether or not you’ve been compromised,” Soltani said. “It’s whether you have the expertise to tell.”

by Mike Isaac

Exclusive: Apple, Macs hit by hackers who targeted Facebook

(Reuters) - Apple Inc was recently attacked by hackers who infected Macintosh computers of some employees, the company said Tuesday in an unprecedented disclosure describing the widest known cyber attacks targeting Apple computers used by corporations.

Unknown hackers infected the computers of some Apple workers when they visited a website for software developers that had been infected with malicious software. The malware had been designed to attack Mac computers.

The same software, which infected Macs by exploiting a flaw in a version of Oracle Corp's Java software used as a plug-in on Web browsers, was used to launch attacks against Facebook, which the social network disclosed on Friday.

The malware was also employed in attacks against Mac computers used by "other companies," Apple said, without elaborating on the scale of the assault.

Twitter, which disclosed that it had been breached February 1 and that hackers might have accessed some information on about 250,000 users, was hit in the same campaign, according to a person close to the investigation.

Another person briefed on the case said that hundreds of companies, including defense contractors, had been infected with the same malicious software. Though this person said that the malware could have originated from China, there was no proof.

"This is a new campaign. It's not like the other ones you read about where everyone can tell it's China," the first person said.

Investigations into the breaches are ongoing. It was not immediately clear when the attacks had begun, the extent to which the hackers had succeeded in stealing data from targeted systems, or whether all infected machines have been identified.

The malware was distributed at least in part through a site aimed at iPhone developers, which might still be infecting visitors who haven't disabled Java in their browser, the person close to the case said. There is a version that infects computers running Microsoft Windows as well.

Security firm F-Secure wrote that the attackers might have been trying to get access to the code for apps on smartphones, seeking a way to infect millions of end-users. It urged developers to check their source code for unintended changes.

Apple disclosed the breach as tensions are heating up over U.S. allegations that the Chinese military engages in cyber espionage on U.S. companies.

U.S. cyber security firm Mandiant reported over the weekend that it has uncovered evidence that the Chinese military is behind a slew of cyber attacks on U.S. businesses. The White House said it has repeatedly raised concerns about Chinese cyber theft with Beijing.

The breaches described by Apple mark the highest-profile cyber attacks to date on businesses running Mac computers. Hackers have traditionally focused on attacking machines running the Windows operating system, though they have gradually turned their attention to Apple products over the past couple of years as the company gained market share over Microsoft Corp.

"This is the first really big attack on Macs," said the source, who declined to be identified because the person was not authorized to discuss the matter publicly. "Apple has more on its hands than the attack on itself."
Charlie Miller, a prominent expert on Apple security who is co-author of the Mac Hacker's Handbook, said the attacks show that criminal hackers are investing more time studying the Mac OS X operating system so they can attack Apple computers.

For example, he noted, hackers recently figured out a fairly sophisticated way to attack Macs by exploiting a flaw in Adobe Systems Inc's Flash software.

"The only thing that was making it safe before is that nobody bothered to attack it. That goes away if somebody bothers to attack it," Miller said.


Cyber security attacks have been on the rise. In last week's State of the Union address, U.S. President Barack Obama issued an executive order seeking better protection of the country's critical infrastructure from cyber attacks.

White House spokesman Jay Carney told reporters on Tuesday that the Obama administration has repeatedly taken up its concerns about Chinese cyber theft with Beijing, including the country's military. There was no indication as to whether the group described by Mandiant was involved in the attacks described by Apple and Facebook.

An Apple spokesman declined to specify how many companies had been breached in the campaign targeting Macs, saying he could not elaborate further on the statement it provided.

"Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers," the statement said.
"We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple," it continued.

The statement said Apple was working closely with law enforcement to find the culprits, but the spokesman would not elaborate. The Federal Bureau of Investigation declined to comment.
Apple said it plans to release a piece of software on Tuesday that customers can use to identify and repair Macs infected with the malware used in the attacks.

By Jim Finkle and Joseph Menn

Wednesday, February 13, 2013

Don't open that PDF: There's an Adobe Reader zero-day on the loose

Summary: After Java and Flash, now PDF Reader is under attack, with one security firm warning Reader users to avoid PDFs.
Security researchers are warning users not to open PDFs from unknown sources in Adobe Reader after finding a PDF zero-day being exploited in the wild.

Researchers at security firm FireEye claimed on Tuesday they had seen the attack PDFs successfully exploit the latest versions of Adobe's PDF Reader for Mac, Linux and Windows.

"Today, we identified that a PDF zero-day is being exploited in the wild, and we observed successful exploitation on the latest Adobe PDF Reader 9.5.3, 10.1.5, and 11.0.1," FireEye researchers Yichong Lin, Thoufique Haq, and James Bennett noted in a blog post.

The researchers were referring to the latest updates for Adobe Reader XI 11.0.01 for Windows and Macintosh, Adobe Reader X (10.1.5) for Windows and Macintosh, and Adobe Reader 9.5.3 for Windows, Macintosh and Linux, which Adobe released in January to fix 27 critical vulnerabilities in older versions.

"Upon successful exploitation, [the exploit] will drop two DLLs [dynamic link libraries]. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain," FireEye said.

FireEye says it has submitted the sample to Adobe's security team and, without a new patch available from the company, is warning users not to open any unknown PDF files until it receives confirmation.

Adobe has confirmed it is looking into the reports. "Adobe is aware of a report of a vulnerability in Adobe Reader and Acrobat XI (11.0.1) and earlier versions being exploited in the wild. We are currently investigating this report and assessing the risk to our customers. We will provide an update as soon as we have more information. Please continue monitoring the Adobe PSIRT blog for the latest information," it said in a blog post on Tuesday.

The reported Reader zero-days come hot on the heels of two Flash Player zero-days that were being exploited by attackers in spear-phishing campaigns, and for which Adobe issued out of band fixes last week.

Those attacks relied on SWF Flash files embedded in Microsoft Word documents, according to analyses by FireEye and fellow security firm Alien Vault. Another attack aimed at Mac users hosted malicious Flash files on a website.

Adobe yesterday updated Flash Player with a new Click to Play anti spear-phishing feature to prevent embedded Flash files from automatically executing when users open documents in Office 2008 and earlier. The move brings protected mode features already available in Office 2010, which asks users for permission to run Flash embedded within documents.

By Liam Tung

Apple Said to Have Team Developing Wristwatch Computer

Apple Inc. has a team of about 100 product designers working on a wristwatch-like device that may perform some of the tasks now handled by the iPhone and iPad, two people familiar with the company’s plans said.

The team, which has grown in the past year, includes managers, members of the marketing group, and software and hardware engineers who previously worked on the iPhone and iPad, said the people, who asked not to be named because the plans are private. The team’s size suggests Apple is beyond the experimentation phase in its development, said the people.

Chief Executive Officer Tim Cook is facing pressure from shareholders who have seen the stock slump more than 30 percent since a September high amid slowing sales growth and competition from rivals such as Samsung Electronics Co. Without a revolutionary new gadget that commands a higher price, investors are concerned about falling margins and increased competition.

“The iWatch will fill a gaping hole in the Apple ecosystem,” Bruce Tognazzini, a technology consultant and former Apple employee, wrote in a blog post last week. “Like other breakthrough Apple products, its value will be underestimated at launch, then grow to have a profound impact on our lives and Apple’s fortunes.”

Natalie Kerris, a spokeswoman for Cupertino, California-based Apple, declined to comment yesterday. Previously, the New York Times reported that Apple was working on a watch-like device.

Wearable Computers

Apple’s James Foster, senior director of engineering, and Achim Pantfoerder, another manager, are part of the efforts to introduce a wristwatch-style computer, according to the people. Apple has worked on wearable devices for tracking fitness in the past and never brought them to market, said one of the people.

Creating a watch involves unique challenges, particularly managing power demands so that the battery doesn’t need to be recharged every day. Google Inc. has been working on eyeglass-embedded computers and plans to introduce them in 2014.

The introduction of a wearable computing device may signal a new direction for the consumer-electronics industry. Apple’s debut of the iPhone in 2007 and iPad in 2010 created the market for touch-screen smartphones and tablet computers that have been followed by companies such as Google, Samsung and Microsoft Corp.
Apple is right to invest in products such as watches, even if they don’t result in commercial products, said Josh Spencer, a fund manager at T. Rowe Price Group Inc.

“There’s more people that would wear an Apple watch than would wear Google glasses,” Spencer said.

Wearable machines for tracking fitness are already on the market from Nike Inc., Fitbit Inc. and other manufacturers.

Hon Hai Precision Industry Co., which assembles the iPhone, in 2001 invested in startup WIMM Labs, which designed a watch with a screen, Wi-Fi and Bluetooth.

Thursday, February 7, 2013

Today's Special!

Mention this blog and get $25 off any of our services!
Good at both locations:
320 S Ankeny Blvd
Ankeny, IA  50023
910 6th St
Jesup, IA  50648
Good for in shop services only. On site services not included.
Offer good until 03/01/2013.
Coupon code: PTBLOG

Tuesday, February 5, 2013

Latest Java update patches 50 holes, including critical zero-day flaw


Oracle was convinced to issue an update for its Java plugin two weeks early this month in order to squash a few critical bugs that resulted in a torrent of bad press. Everyone from security bloggers to the federal government had warned the general public against using Java after it was discovered that the flaw was being exploited in the wild. Apple blocked Java via OS X’s Xprotect, and Mozilla and Google both flipped the switch on their browsers to blacklist the plug-in.

According to security researcher Brian Krebs, the most critical fix in the most recent Java update addresses an issue in Oracle’s new trust mechanism. The initial change made it so that Java requested authorization from end users whenever unsigned, untrusted code was encountered. While it was an excellent step in the right direction in terms of improving the overall security of Java, it was also very easy to circumvent.

In total, the Java update takes care of 50 security flaws. Unsurprisingly, Oracle is recommending that all users update as soon as possible due to the severe risk posed by surfing with a vulnerable version.
If you’ve still got Java installed on your system, keep your eyes peeled for an update notification. If you’d rather not wait for Oracle’s updater to answer the call, just head over to the Java download page and grab the latest version. Mac users will be relieved to know that the new release matches Xprotect’s minimum version expectation — and that means no more terminal hacking is required just so you can play Minecraft.

One more thing: just make sure the update you’re installing is a legitimate one, not some craftily-designed malware.