Archive for February 19, 2011

| February 19, 2011
Comments Off on Hackers Can Target Cars

Hackers Can Target Cars

Hackers Can Target CarsWired reports that over 100 drivers in Austin, TX found their cars disabled or the horns honking out of control. This happened after an intruder ran amok in a web-based vehicle-immobilization system called Webtech Plus (PDF). Webtech Plus is normally used to get the attention of consumers delinquent in their auto payments. The app is operated by Cleveland-based Pay Technologies system. It allows car dealers to install a black box in the vehicle that responds to commands issued through a central website and relayed over a wireless pager network.

How he got in

Austin police claim the perpetrator was Omar Ramos-Lopez, a former Texas Auto Center employee who was laid-off. The hacker allegedly sought revenge by bricking the cars sold from the Austin-area dealership. Reportedly Mr. Ramos-Lopez’s account was closed when he was terminated but he allegedly got in through another employee’s account. At first, the intruder targeted specific customers. The attacker later moved to access the database of all 1,100 customers whose cars were equipped with the device. It is charged that he went through the database, vandalizing the records, disabling the cars, and setting off the horns.

Cars are targets

The Webtech attack was an external attack but Bob Brammer, CTO, and VP at Northrop Grumman Information Systems (NOC)  told GovInfo Security that cars themselves are likely to become targets. Mr. Brammer points out that most cars contain 50 to 100 or more tiny computers. The computers are controlled by over 100 megabytes of code that control the accelerator, brakes, displays, steering, etc. All of these systems can be accessed through a diagnostic port that serves as the vehicles’ USB port. Mr. Brammer cites a study published in an IEEE journal. “It’s possible to take over a car, controlling the brakes, the accelerator, the steering wheel, despite whatever the driver might want to do. Our automobiles are highly vulnerable from a cybersecurity view.

The paper, Experimental Security Analysis of a Modern Automobile, (PDF) says the potential attack window could widen as more automakers offer vehicle-to-vehicle and vehicle-to-infrastructure communications networks to third-party development, “An attacker who is able to infiltrate almost any electronic control unit can leverage this ability to completely circumvent a broad array of safety-critical systems.”  GigaOm cites data from iSuppli that Wi-Fi in automobiles will be integrated into 7.2 million cars by 2017.

The researchers said they took control of a number of the car’s functions and the driver could do nothing about it. They bypassed basic network security protections within the car. They then embedded malicious code in the telematics unit to erase evidence of the hack’s presence after a crash.

More theoretical than practical

I luv your PCMr. Brammer, for now, sees the threat to cars as more theoretical than practical. But he says it demonstrates that we must think about cyber-security more broadly than we have in the past. “As the trend is to put more IT into everything that we do – whether it’s cars, airplanes, power grids, water supplies, whatever – we have to think about the security aspects of the design. These systems, within reason, have to be able to withstand certain types of attempts to attack or exploit them. That’s a terrible thing have to say, but I think that’s the way world is these day.”

Wi-Fi can give attackers an entry point into critical systems. Professor Stefan Savage of the University of California, San Diego told Technology Review. “In a lot of car architectures, all the computers are interconnected, so that having taken over one component, there’s a substantive risk that you could take over all the rest of them. Once you’re in, you’re in.” This could lead to brakes failing or the steering wheel seizing on scores if not hundreds of cars simultaneously, causing catastrophic crashes.

rb-

Cars have become more computerized. They are linked through Wi-Fi and 3G networks making our daily transportation vulnerable to hackers and cyber-attacks. Cyber-terrorists could target cars to begin the chain of events leading to a Hollywood-style disaster. Hopefully, the Auto manufacturers are going to tighten up the security of our cars. They will delay improving security if safety belts and airbags are examples.

Will the auto industry tighten the security onboard cars?

Will the government have to step in?

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Cars | Tags: , , , , , , , , ,
| February 16, 2011
Comments Off on Big Blue Wants to Patent Patent Trolling

Big Blue Wants to Patent Patent Trolling

Big Blue Wants to Patent Patent TrollingConceivably Tech reports that IBM (IBM) has filed a patent application with the US Patent and Trademark Office (USPTO) to automates the management of intellectual property. The system that would manage Big Blue’s intellectual property (and others who could afford IBM’s costs) comes with a “defend” module to formulate a strategy in the case of patent infringement.

IBM logo TechEye says that Big Blue’s patent is designed to automate the patent process from beginning to end including suing other companies that the computer believes are infringing on a copyright. The patent components are divided into a “direct” part, which includes the overall strategy such as R&D, portfolio, filing, budgeting, and forecasting. “Control” covers factors such as market alignment, invention evaluation, IP valuation, and inventor training. “Execute” includes trade secret protection, trademark creation, IP landscaping, technology monitoring, and competitive intelligence. Conceivably Tech quotes the “defend”, “influence” and capitalize modules of the application:

“defending against infringements and invalidations of said IP rights based on said business strategies and monitoring market and competitor actions to develop risk management plans; an influence computer module including a standards influencing unit, a legal and regulatory influencing unit, and a policy influencing unit; and capitalize computer module for identifying potential licensees and potential assignees of said IP rights, and managing licensing negotiations, cross-licensing negotiations, and assignment negotiations based on said business strategies.”

TechEye points out the irony of how the software was created. They point out that an IBMer collected all the experience IBM gained from filing more than 100 patents every week and put the data into a chart. From there Big Blue decided that given the way the IP world is shaping up these days, they should patent IP themselves. Thus IBM has patented the patent process. What they came up with is:

TechEye concludes that IBM’s patent application is really an automated troll. They conclude that if the patent office approves this, then it means that every time you patent something you have to give IBM a fee to see if you did it differently from Big Blue’s process. Otherwise, its software might send you a subpoena.

rb-

This must seem like a god-send to organizations whose business model has de-evolved into patent trolling. Some of these cases I have written about are the CSIRO Wi-Fi patent activities, all the craziness in the smartphone market, and MSFT co-founder Paul Allen’s attempts to sue most of the web.

Gotta give it to IBM, its like TechEye says, “If you can’t beat the trolls, patent the process that creates them.”

Do you believe the U.S. Patent Office is still useful?

Does IBM deserve to collect a tax from every innovator?

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , ,
| February 14, 2011
One comment

EMC Jumps the Shark

EMC Jumps the SharkIn a pure PR stunt EMC (EMC) has jumped the shark. In a throwback to the 1970s, EMC has released a video of a “Record-Breaking” storage announcement. Motorcycle daredevil (and Evel Knievel wanna-be) Bubba Blackwell attempts to jump his motorcycle over 8 Petabytes of storage in 40 EMC Symmetrix storage units. Data Center Knowledge made a couple of technical observations:

  • Evel Knievel on his Harley-DavidsonParking lots typically don’t make ideal environments for storage gear, especially in a warm climate like Miami.
  • Few data centers possess the perimeter floor space required for a motorcycle daredevil to reach 75 mph.
  • Many data centers lack the ceiling clearance necessary to accommodate a flying motorcycle. The risk of daredevil-duct work collisions would be high.

So don’t try this in your data center!

Will Bubba make it? Click below to find out!

rb-

Yeah I know I got sucked into the EMC marketing machine, but it’s cool.

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , ,
| February 12, 2011
Comments Off on AT&T 3G Network Magically Upgraded to 4G

AT&T 3G Network Magically Upgraded to 4G

AT&T 3G Network Magically Upgraded to 4GNow that the ITU has caved to the marketers at big telecom, miracles happen. AT&T (T), America’s second-largest wireless carrier, found that its 3G HSPA+ network had automagically evolved all by itself into a fourth-generation (4G) wireless network. Proponents of 4G promise that 4G mobile internet speeds are considerably faster than current wireless networks providing faster download, super-fast video streaming, and more billing opportunities.

Since the ITU downgraded the definition of 4G to catch up with the marketers and declared, “4G …  may also be applied … to the initial third generation systems now deployed” there is no consensus of what exact speed is a 4G network, so companies are free to claim what they want and hopefully the market will sort it out.

AT&T is betting that its customers are too dumb to care. TechEYE cites a Reuters report that AT&T’s chief exec Ralph de la Vega believes that consumers won’t notice the difference between HSPA+ and the forthcoming LTE network stating that “The whole industry has come to equate more speed with 4G.” TechEYE points out that AT&T saw a similar miracle in September 2010 when the marketers found that its HSPA+ network became “the nation’s fastest mobile broadband network.

rb-

The Business Insider has proof consumers don’t care about 4G. They report on Nielsen on findings that only 54% really knew what it meant (super-fast wireless). 27% of the people polled think it’s the latest version of the iPhone. Only 29% of the people polled said they were planning on buying a 4G phone in the next year.

proof consumers don't care about 4G.

 

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , ,
| February 9, 2011
Comments Off on Who Moved My SPAM?

Who Moved My SPAM?

Who Moved My SPAM?Analysis of the spam trends by security vendor Commtouch reveals a significant drop in global spam levels according to the Help Net Security.  The article says that the average spam level for Q4 2010 was 83% down from 88% in Q3 2010. The beginning of December saw a low of nearly 74%.

The New York Times also noted the decline in SPAM during Q4 2010. The NYT cites data from MessageLabs that global spam volumes dropped to about 30 billion messages a day from about 70 billion before Christmas. MessageLabs says the decline added to a downward trend underway since August when spam peaked at some 200 billion spam messages a day or 92.2 percent of all e-mail.

There are several theories why SPAM is drying up. One theory in the NYT article for why the botnets stopped spamming is that an important source of business may have dried up. September 2010 saw the Russians close down SpamIt, the organization allegedly behind much of the world’s pharmacy spam. Without SpamIt, “at least for now, there’s no content to fill the spamming cannons that Rustock has,” John Reid, of Spamhaus, a nonprofit group that tracks spammers, told the NYT.SPAM Volume; Global Projections

Another theory put forward is that the botnet operators are intimidated. The NYT reports that in addition to going after SpamIt, Russian authorities recently arrested two spammers in Taganrog, in southern Russia, who had a database of nearly two billion United States and European Union e-mail addresses they had used to spread malicious programs, according to the HostExploit blog. “Even if the people were unrelated, the chilling effect of arrests can cause others to lay low for a while,” Mr. Reid said, adding, “But all this is speculation.”

MessageLabsMatt Sergeant, a senior anti-spam technologist at MessageLabs, a unit of the security software maker Symantec (SYMC) wrote in a blog post, “Did the people in charge of these botnets suddenly go on vacation? Currently, there are no explanations on why these botnets stopped spamming.”

Another theory could be that SPAMmers are changing tactics. The botnet operators seem to be shifting their focus to more lucrative social networking and mobile channels. Jamie Tomasello, Abuse Operations Manager at Cloudmark, told Help Net Security that these platforms allow SPAMmers to reach more responsive recipients compared with traditional email messages.

In a survey of Facebook users by F-Secure, the anti-malware firm, found that social networking spam is now a problem for three out of four Facebook users reported by ITNewsLink. F-Secure also found that 78 percent think spam is a problem on the site and 49 percent report they often see something in their newsfeed that they consider spam.

CloudmarkMs. Tomasello explains that technically, a botnet can send any kind of content and so they are increasingly being used to send messages that spoof content from social networking sites. This works in a similar way to email phishing attacks, where a message would drive the recipient to a malicious payload, or to a website to capture the recipient’s social network credentials. The cybercriminal could then log in to the social networking site with the compromised credentials and send spam via the platform to the compromised recipient’s friends.

Cloudmark’s Tomasello says that these messages can be much more convincing than email spam messages because social networks, and the friends a user is connected with, are often well trusted. Once a cybercriminal has compromised credentials they will use them to try to gain access to other e-commerce, social network, email, or bank accounts, because many internet users use the same username and password combination across multiple websites.

Mobile devices are also seeing increased threats. Gareth Maclachlan, Chief Operating Officer of AdaptiveMobile, a mobile security firm told ITnewslink “With the increasing pervasiveness of Smartphone devices, 2010 has undoubtedly been the year that fraudsters have truly turned their attention to mobile platforms.” Mr. Maclachlan continues:

With Smartphone penetration reported to reach 37 per cent in Europe and 44 per cent in the US by 2012, we predict that the number of threats targeted at unsuspecting mobile users will continue to increase at an exponential rate throughout the course of 2011. Even more significantly, the nature of the threats we are seeing will increase in sophistication. … next year will see the emergence of the ‘compound threat’ – intelligent scams designed to exploit multiple phone capabilities in order to reap maximum reward for the criminals, before the user even realises they have become a victim.

rb-

My SPAM data tracks what the big boys are saying. The average number of SPAM emails I receive has dropped to a near record-low 12.3 SPAM messages per day in January 2011 from a high of 77.5 SPAM messages in May of 2009.  The record low monthly average was 11.0 SPAM messages in May 2010. The number of SPAM messages I get on my Blackberry has been minimal, but the number of junk emails I get even though LinkedIn has climbed.

Monthly SPAM Averages

Are SPAMmers taking a break or reloading?

What are you doing to prevent SPAM on mobile devices?

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , ,
« Older Entries   Recent Entries »