Tag Archive for MSFT

| July 22, 2014
Comments Off on Top Patent Troll Reloads

Top Patent Troll Reloads

Top Patent Troll ReloadsIt’s been a good year for patent trolls, and now the biggest patent troll of them all wants to keep the party going. Jeff John Roberts at GigaOM reports that Intellectual Ventures (IV) has acquired more than 200 new patents. The acquisitions will help IV extend its legal tentacles in fields like wireless infrastructure and cloud computing.

Patent troll aquires more patentsGigaOM explains that IV’s peculiar brand of innovation involves acquiring old patents and using them to arm thousands of shell companies, whose sole business is to extract licensing fees from productive businesses.

News of IV’s restocked war chest, which Reuters says is partially funded by Microsoft (MSFT) and Sony (SNE) comes after earlier reports that initial investors, including Apple (AAPL) and Intel (INTC) declined to take part in IV’s newest trolling fund. According to the report, by the law firm Richardson Oliver and spotted by IAM, the fund is on track since IV purchased 16 percent of all available patent packages in the first half of 2014. A chart by the firm suggests it paid $1-$2 million in most cases; here’s a partial look:

The chart shows six patents related to the cloud computing industry, which has so far escaped the rampant patent trolling that has plagued mobile phone and app developers. The author speculates cloud computing could now be prime picking for IV in the coming year.

IV is well-positioned to exploit the patents thanks to Senate Democrats, who in May killed a bipartisan Patent reform bill that would have undercut many of the economic incentives for patent trolling according to Mr. Roberts. IV has also been active on the lobbying front, filing to start a PAC this year and donating sums of money to Senator Dick Durbin (D-Il), who is closely allied to the trial lawyer lobby that reportedly helped to derail reform.

corrupt politicansGigaOM believes darker clouds could be looming for IV. They cite growing public skepticism towards patent trolls, who now account for 67 percent of all new lawsuits. The trolls have received harsh treatment from the likes of NPR and the New York Times, while the Supreme Court’s repeated criticism of slip-shod patents may finally be making it harder for companies to abuse them.

Meanwhile, respected tech figures like Marco Arment have lashed out at IV’s business model as “cowardly” while inventors like Tesla’s Elon Musk have questioned the value of patents to begin with.

rb-
Uh oh, the world’s biggest patent troll has restocked its weapons chest — and it looks like their next target will be cloud computing.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , ,
| July 7, 2014
Comments Off on Conficker Worm – Still Alive

Conficker Worm – Still Alive

Conficker Worm - Still AliveAfter 6 years Conficker remains one of the top 3 malware that affects enterprises and small and medium businesses according to Trend Micro’s (TMICY) TrendLab. They say 45% of malware-related spam emails they detected were related to Conficker. Trend Micro attributes this to the fact that a number of companies are still using Microsoft’s (MSFT) Windows XP, which is susceptible to this threat.

6 years old Conficker

For those that don’t remember our old friend Conficker (Trend calls it DOWNAD) it can infect an entire network via a malicious URL, spam email, and removable drives. Larry Seltzer at ZDNet’s Zero Day blog recalls that Conficker was a big deal back in late 2008 and early 2009. The base vulnerability caused Microsoft to release an out-of-band update (MS08-067 “Vulnerability in Server Service Could Allow Remote Code Execution”) in October 2008. In addition, Conficker has its own domain generation algorithm that allows it to create randomly generated URLs.  It then connects to these created URLs to download files on the system.

Technically, Windows Vista and the beta of Windows 7, were vulnerable, but their default firewall configuration mitigated the threat. It was Windows XP that was really in danger. Mr. Seltzer says that despite Microsoft’s patch, everyone knew that a major worm event was coming. When it came it was big enough that a special industry group (Conficker Working Group) was formed to coordinate a response.

45% of malware related spam mails are delivered by machines infected by the Conficker wormDespite the unprecedented industry effort, Trend Micro observed that six years later (2014 Q2), more than 45% of malware-related spam mails are delivered by machines infected by the Conficker worm. Analysis by the AV firm of spam campaigns delivering FAREIT, MYTOB, and LOVGATE  payload in email attachments are attributed to Conficker infected machines.

Over 1.1 million IPs related to Conficker.

On Thursday, July 3 the Conficker Working Group detected +/- 1,131,799 unique IPs related to Conficker. Whatever the number,  it’s still a big number, for a 6-year old malware with a patch. Trend explains that the IPs use various ports and are randomly generated via the DGA ability of the malware. A number of machines are still infected by this threat and leveraged to send the spammed messages to further increase the number of infected systems.

rb-

With Microsoft ending the support for Windows XP this year, we can expect that systems with this OS will be infected by threats like Conficker for a long time to come. It is going to take years to work XP out of the system.

End Of Support Changes Little About Windows XP's Popularity

Even with an ancient OS, there are ways to prevent Conficker

  1. Upgrade – Kudos to MSFT, Windows 7 has been resilient so far
  2. Patch your systems
  3. Keep Anti-Malware up to date
  4. Stay away from shady places on the web
  5. Be wary of email attachments – Don’t open what you don’t know
  6. The Conficker Working Group has an easy way to check if your machine is infected with Conficker here
Related articles
  • Mobile malware: Past and current rends, prevention strategies (cloudentr.com)

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , ,
| May 29, 2014
Comments Off on 70s Glitch Could Hit Every Computer On Earth

70s Glitch Could Hit Every Computer On Earth

70s Glitch Could Hit Every Computer On The PlanetRebecca Borison at the BusinessInsider asks who remembers the 1999 panic about the Y2K crisis. In 1999, Y2K looked as if it might derail modern life when computers because the glitch would reset computers to Jan 1. 1900, rather than Jan. 1, 2000, because computers only used two digits to represent a year in their internal clocks.

déjà vu all over againNow it déjà vu all over again, BI reports there’s a new, even bigger global software coding fiasco looming.  A huge amount of computer software could fail around the year 2038 because of issues with the way the code that runs them measures time.

Once again, just like with Y2K every single piece of software and computer code on the planet must now be checked and updated again. That is not a trivial task according to the author. In 2000, we bypassed the Y2K problem by recoding the software explains Ms. Borison. All the software — a fantastically laborious retrospective global software patch.

Disruption to the tech industry

Y2K problemAlthough Y2K was not a disaster, it was a massive disruption to the tech industry at the time. Virtually every company on the planet running any type of software had to find their specific Y2K issue and hire someone to fix it. Ultimately, Y2K caused ordinary people very few problems — but that’s only because there was a huge expenditure of time and resources within the tech business.

The 2038 problem will affect software that uses what’s called a signed 32-bit integer for storing time. The problem arises because 32-bit software can only measure a maximum value of 2,147,483,647 seconds. This is the biggest number you can represent using a 32-bit system.

time is represented as a signed 32-bit integerWhen a bunch of engineers developed the first UNIX computer operating system in the 1970s, they arbitrarily decided that time would be represented as a signed 32-bit integer (or number), and be measured as the number of milliseconds since 12:00:00 a.m. on January 1, 1970.

Glitch says it’s 1970 again

On January 19, 2038 — 2,147,483,647 seconds after January 1, 1970 — these computer programs will exceed the maximum value of time expressible by a 32-bit system using a base 2 binary counting system, and any software that hasn’t been fixed will then wrap back around to zero, thinking that it’s 1970 again.

UNIX time coding has since been incorporated widely into any software or hardware system that needs to measure time.

BI spoke with Jonathan Smith, a Computer and Information Science professor at the University of Pennsylvania for confirmation. The professor confirmed the Year 2038 is a real problem that will affect a specific subset of software that counts on a clock progressing positively. He elaborated:

Most UNIX-based systems use a 32-bit clock that starts at the arbitrary date of 1/1/1970, so adding 68 years gives you a risk of overflow at 2038 … Timers could stop working, scheduled reminders might not occur (e.g., calendar appointments), scheduled updates or backups might not occur, billing intervals might not be calculated correctly

The article concludes that we all need just to switch to higher bit values like 64 bits, which will give a higher maximum. In the last few years, more personal computers have made this shift, especially companies that have already needed to project time past 2038, like banks that need to deal with 30-year mortgages.

64 bitsApple (AAPL) claims that the iPhone 5S is the first 64-bit smartphone. But the 2038 problem applies to both hardware and software, so even if the 5S uses 64 bits, an alarm clock app on the phone needs to be updated as well. (If it’s using a 32-bit system in 2038 it will wake you up in 1970, so to speak.) So the issue is more of a logistical problem than a technical one.

HowStuffWorks reports that some platforms have different dooms-days.

  • IBM (IBM) PC hardware suffers from the Year 2116 problem. For a PC the beginning of time starts at January 1, 1980, and increments by seconds in an unsigned 32-bit integer in a way like UNIX time. By 2116, the integer overflows.
  • Hardware and softwareMicrosoft (MSFT) Windows NT uses a 64-bit integer to track time. However, it uses 100 nanoseconds as its increment and the beginning of time is January 1, 1601, so NT suffers from the Year 2184 problem.
  • On this page, Apple states that the Mac is okay out to the year 29,940!

rb-

The tech industry’s response to Y2K suggests that they will mostly ignore the 2038 issue until the very last minute when it becomes to ignore.  Another example of the pace of global software updates is that a majority of ATM cash machines were still running Windows XP, and thus vulnerable to hackers even though Microsoft discontinued the product in 2007.

Dont worryFortunately, the 2038 problem is somewhat easier to fix than the Y2K problem. Well-written programs can simply be recompiled with a new version of the C-library that uses 8-byte values for the storage format. This is possible because the C-library encapsulates the whole time activity with its own time types and functions (unlike most mainframe programs, which did not standardize their date formats or calculations). So the Year 2038 problem should not be nearly as hard to fix as the Y2K problem was.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , ,
| May 6, 2014
Comments Off on Security From the Heart

Security From the Heart

Security From the HeartWe have all heard the horror stories of password management. Users choose the same weak passwords, trade them for chocolate bars. They keep track of them on post-it notes. Firms are negligent in managing weak passwords. Help Net Security wrote about the latest innovation in passwords from Canadian security start-up Bionym.

Bionym logoBionym created Nymi, a bracelet/wristband containing an ECG (electrocardiogram) sensor that “reads” the unique heartbeat pattern of the wearer. The bracelet will use the ECG to authenticate into electronic devices; cars, computers, smartphones, TVs, etc.

“It was actually observed over 40 years ago that ECGs had unique characteristics,” Bionym CEO Karl Martin pointed out to Tech Hive. “What we do is ultimately look for the unique features in the shape of the wave that will also be permanent over time. The big breakthrough was a set of signal-processing and machine-learning algorithms that find those features reliably and to turn them into a biometric template.”

When you clasp the Nymi around your wrist it powers on. By placing a finger on the topside sensor while your wrist is in contact with the bottom sensor, you complete an electrical circuit. After you feel a vibration and see the LEDs illuminate, your Nymi knows you are you and your devices will too. You will stay authenticated until your Nymi is taken off,” it’s explained on the firm’s website.

3-factor security

Nymi knows you are youThe Nymi functions on a 3-factor security system. To take control of your identity you must have your Nymi, your unique heartbeat, and an Authorized Authentication Device (AAD). The AAD could be a smartphone or device registered with their app.

No details about the bracelet’s security have been share on the site. Ars Technica’s Dan Goodin has pumped Martin for information and, so far, the news is good. Elliptic curve cryptography is used to ensure data traveling between the bracelet and the device is not monitored or intercepted by attackers. ECC also encrypts the handshake performed between the bracelet and the devices being unlocked.

perform remote, gesture-specific commandsThe Nymi also has motion sensing and proximity detection that allows users to perform remote, gesture-specific commands, creating a dynamic and interactive environment,” it is explained. “A simple twist of the wrist can unlock your car door.”

When it arrives, Nymi will offer three-factor authentication. The wristband itself, your unique cardiac rhythm, and a mobile device, like a smartphone or tablet. The Nymi hardware acts as a secure token that ties into the biometric. The wristband will need to check in with your smartphone or tablet at the beginning of the day.

rb-

The thing that excites me most about Nymi is its potential to get rid of passwords. I think the password has a limited shelf-life. Once wearable computing takes off, payment processing will be integrated with biometrics on the wearable devices, there will be no need for passwords.

Nymi will be compatible with the FIDO AllianceBionym’s Martin stated,   “[Killing the password] is one of our goals,” noting that the Nymi will be compatible with the FIDO Alliance.

FIDO, which stands for Fast IDentity Online, was created by PayPal and Lenovo (LNVGY) and now counts Google (GOOG) and Microsoft (MSFT) among its members. The alliance has set out to create the next-generation standard for identity verification. 

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , ,
| April 1, 2014
Comments Off on Limit Admin Rights to Close Microsoft Holes

Limit Admin Rights to Close Microsoft Holes

Limit Admin Rights to Close MSFT HolesIt’s been best practice for a very long time: all users and processes should run with the fewest privileges necessary. That means no Admin rights for users. This limits the damage that can be done by an attacker if the user or process is compromised.

Avecto logoZDNet says that running users without admin rights on Microsoft (MSFT) Windows XP was generally impractical. It is a much more reasonable and manageable approach on Windows Vista, Windows 7, and Windows 8, but many organizations still run users as administrators because it makes things easier in the short term.

Impact of running with “least privilege”

ZDNet cites a new study from UK software company Avecto which demonstrates the real-world impact of running with “least privilege”. In 2013, Microsoft released 106 security bulletins and updates to address the 333 vulnerabilities identified in them. 200 of the 333 total vulnerabilities would be mitigated if the user were not running as administrator. 147 of the vulnerabilities were designated critical; 92 percent (135) of these would be mitigated.

Dark Reading says that the Avecto results also revealed that removing admin rights would also mitigate:

  • running with "least privilege"91% critical vulnerabilities affecting Microsoft Office,
  • 96% of critical vulnerabilities affecting Windows operating systems,
  • 100% of vulnerabilities in Internet Explorer and
  • 100% of critical remote code execution vulnerabilities.

Breakdown of Microsoft V\vulnerability Impact in 2013

Avecto told ZDNet that non-administrator users can still be compromised, but it’s much less likely that they would be and, if they were, the impact would likely be greatly limited. Least privilege is most effective as part of a more comprehensive security architecture including the prompt application of updates to patch vulnerabilities.

Paul Kenyon, co-founder, and EVP of Avecto told Dark Reading, “This analysis focuses purely on known vulnerabilities, and cybercriminals will be quick to take advantage of bugs that are unknown to vendors. Defending against these unknown threats is difficult, but removing admin rights is the most effective way to do so.”

rb-

Employees with admin rights can install, modify and delete software and files as well as change system settings making more work for the help desk folks. The report demonstrates that many companies are still not fully aware of how many admin users they have and consequently face an unknown and unquantified security threat. It is also conceivable that privilege management would have made high-profile attacks such as the recent one on Target if not impossible then much harder, by reducing the potential for the abuse of partner access, believed to have been at the heart of the breach.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , ,
« Older Entries   Recent Entries »