Microsoft Will Continue Windows XP Support, For a Price

Subject: General Tech | September 3, 2013 - 12:17 AM |
Tagged: windows xp, windows, security, microsoft, legacy, enterprise, custom support

Windows XP seems to be the OS that simply will not die, and Microsoft appears to have given in slightly on its plans to stop supporting the aging operating system. For those customers willing to pay, Microsoft will continue patching Windows XP through its Custom Support program.

Custom Support is mainly aimed at large enterprise and industrial customers who, for legacy or other reasons, have yet to move on to newer OS versions from XP. The program will pick up from where Microsoft ends its public extended support for Windows XP (Service Pack 3) on April 8, 2014.

Businesses that elect to go the Custom Support route and stick with XP will pay approximately $200 per PC for the first year alone. The systems in the program will continue to receive patches for vulnerabilities rated as “Critical” with optional patches for “Important” security issues available for additional fees, according to Gregg Keizer writing for PCWorld. Security issues classed by Microsoft as being of low or moderate importance will not be patched at all.

Microsoft will reportedly be delivering these patches through a secure channel other than the standard Windows Update in an attempt to keep non-paying Windows XP users from getting their hands on the patches.

For now, it seems that Windows XP is still here to stay in a big way, at least in the enterprise space where it is likely cheaper to keep XP in circulation than to upgrade PCs, retrain employees, and re-code legacy applications. It will cost a pretty penny to keep the old OS up to date and (mostly) secure, however.

Source: PC World

Intel can now monitor every transaction on their network in real time

Subject: General Tech | August 22, 2013 - 12:17 PM |
Tagged: Intel, security

We have heard of another success in Intel's move into the security market: an 80-person team headed by Moty Fania has created a device capable of real-time scanning of everything that occurs on a corporate network. It can handle four to six billion network events a day in its current state, and the team claims a very high rate of true positives when scanning the internal Intel network for signs of breaches and industrial espionage attempts. Sadly, they did not disclose to The Register the hardware on which this tool is running, but it is possible the custom software could be released by McAfee, seeing as Intel purchased them not too long ago. With the current global climate they might have chosen a better response when asked the name of the software; the statement that "it would not be 'productive' to disclose its name" is perhaps not the most reassuring one to make right now.

Worth trying out.

"Intel has created a Hadoop-based rig that analyses just about every network event in the company – four to six billion of them on business days - in close to real time so it can spot threats including industrial espionage."

Source: The Register

Did you know your SIM card probably relies on 56-bit DES?

Subject: General Tech | July 22, 2013 - 02:28 PM |
Tagged: SIM card, security, encryption, black hat 2013

The revelation that SIM cards rely on an outdated encryption method makes it surprising that an exploit was not revealed long before now, but one has been discovered and will be featured at this year's Black Hat security conference. The proof of concept was to send an improperly signed binary SMS to a device over the air; the device returns an error that contains the entire cryptographic signature for the SIM that received the signal, and from there it is rather simple to crack the 56-bit DES with modern hardware. Once you have the key you can send out a variety of commands to the device, up to and including an OS update with certain customizations. Follow the links from The Inquirer for more information.

"A SIM CARD EXPLOIT that could leave millions of mobile phones vulnerable to hacking has been uncovered by German security firm Security Research Labs (SRL)."

Source: The Inquirer

The QR code vulnerability is patched but Google Glass still has security problems

Subject: General Tech | July 19, 2013 - 02:00 PM |
Tagged: google glass, security, wifi

The originally reported vulnerability was based around a specially designed QR code causing Google Glass to connect to a WiFi network not of the owner's choosing, which would allow monitoring of data flowing to and from the affected Google Glass device. While this issue was indeed patched, you still need to be aware that connecting to random WiFi can be a big security risk thanks to an unpatched spoofing bug affecting essentially all browsers. As The Register reminds everyone, unless you are at least encrypting your traffic or using a VPN, your data transmission should not be considered secure.

"AUGMENTED REALITY EYEWEAR Google Glass is still vulnerable to attacks via connected WiFi networks allowing hackers to capture user data sent from the device, security firm Symantec has said, despite Google having quietly patched the eyewear last month."

Source: The Register

Secure your dongle with Addonics

Subject: General Tech | July 8, 2013 - 02:09 PM |
Tagged: security, encryption, addonics, CipherUSB

The interface is pretty ugly, but the Addonics CipherUSB is incredibly easy to use and is effective at folder-level and disk-level encryption. With the dongle on your machine you can encrypt internal and external disks, which can then only be accessed when a similarly set up dongle is present, along with a password if you selected the option to require one. It uses AES256 ECB or CBC encryption, the standard when it comes to encryption, and setup and usage are incredibly easy, though there are a few minor flaws on the CipherUSB. Head over to Techgage for the review and a great overview of encryption in general.

"As important as data encryption can be for the home user, it’s even more imperative in the enterprise. The problem? The most effective measures are usually cast aside in lieu of something a little easier to deal with. With the CipherUSB, Addonics hopes to bring “simple” and “most effective” together as one. Does it succeed?"

Source: Techgage

Tag teaming malware, just what everyone needs

Subject: General Tech | July 3, 2013 - 01:16 PM |
Tagged: Vobfus, Beebone, Malware, security

Vobfus has been around the block a few times; it is some Visual Basic code that first popped up in 2009 and tried to download and install code to attack machines that managed to get Vobfus on their systems. Beebone, aka Win32/Beebone, is newer, a fairly common Trojan infection which is similar to Vobfus in that it attempts to download other malware as opposed to attacking your machine directly. According to this story on The Inquirer, they have developed a symbiotic relationship, where when one infects you it immediately tries to infect you with the other. That way it can fool anti-malware programs into believing that they've sanitized your machine of all infections when in fact only one of the two infections was removed, and the remaining one immediately downloads and installs a different variant of the one you just removed.

"SOFTWARE HOUSE Microsoft's security researchers have discovered a pair of malware programs that help one another to avoid being detected by antivirus software.

Known as Vobfus and Beebone, the collaborating malware prove difficult to remove from infected machines as they work together, foiling the removal by regularly downloading updated versions of their respective partners."

Source: The Inquirer

Beware the click-jacking Captcha of Evil!

Subject: General Tech | July 2, 2013 - 01:29 PM |
Tagged: Malware, IE10, chrome, security

Just in case you weren't already getting tired of captchas, there is a new click-jacking technique which works on both IE9 and 10 in Windows 7 and also on Chrome for Windows 8, so for the time being you might want to avoid any captchas that begin with an 'R'. The new SmartScreen features on Win8, as well as UAC, should give you at least some defense, since they require you to allow the executable to run before it can infect your machine, but you can be guaranteed that some less observant users will click straight through without reading the messages which appear. While this type of attack is nothing new, the particular technique mentioned at The Register does have some new tricks.

"A security researcher has discovered a sneaky social engineering trick that might be used to disguise the go-ahead to run hostile code on Windows 8 machines.

The so-called keyjacking technique, uncovered by Italian security researcher Rosario Valotta, is similar to clickjacking. However, instead of fooling marks into generating fake Facebook likes, the keyjacking involves disguising a "run executable" dialogue box within a CAPTCHA challenge."

Source: The Register

Bieber can be used for evil

Subject: General Tech | May 29, 2013 - 02:31 PM |
Tagged: cell phone, security, fud

If you are feeling safe and secure using your cellphone in public, some research out of the University of Alabama will shatter that confidence for you. It seems that it is possible to use sound as a trigger to activate malware from a distance, even over low quality speakers. You already know about Shazam and other apps that identify songs simply by holding up your cellphone, successfully connecting to a remote database to get the song data even in a loud room. This research shows that a previously infected phone could have dormant malware installed which can be remotely activated simply by music with a hidden message contained within it, inaudible to human ears. Pair this with the known Autoconnect to Saved WiFi Profiles vulnerability and your phone could very easily start leaking information you would much rather keep private. Follow the links from The Register to read the research paper and reactions to it.

"Security researchers have discovered that specific music, lighting, vibrations or magnetic fields could all be used as infection channels to trigger the activation of mobile malware on a massive scale.

The paper, titled Sensing-Enabled Channels for Hard-to-Detect Command and Control of Mobile Devices, was presented in the eastern Chinese city of Hangzhou earlier this month by researchers at the University of Alabama at Birmingham (UAB)."

Source: The Register

Careful connecting to those pub WiFis

Subject: General Tech | May 24, 2013 - 05:53 PM |
Tagged: cell phone, security, wifi, PNL

A security expert recently reminded people that the Preferred Networks List Bug which was identified in 2004 has only ever been addressed by Microsoft.  All other mobile OSes, from Apple to BlackBerry can accidentally expose their PNL to an eavesdropper who can then spoof it.  If you like setting up autoconnect on your devices you might want to double check the name of your active connections occasionally; if you are connected to your home WiFi while you are out you might have a problem.  Catch more at The Register.

"Security expert Raul Siles has warned that years after it was first identified, the Preferred Networks List (PNL) Wi-Fi bug remains unaddressed on many an iPhone, Android phone, and Windows or BlackBerry handset."

Source: The Register

McAfee picks up Stonesoft, Intel continues to focus on network security

Subject: General Tech | May 7, 2013 - 03:16 PM |
Tagged: stonesoft, security, purchase, mcafee, Intel

A small security firm called Stonesoft was acquired by Intel, or rather McAfee, for just under $400m. They provide not only software and services but actual network appliances which utilize their proprietary Stonesoft Security Engine to provide secure connectivity. This makes a lot of sense when you think back on Intel's statements when purchasing McAfee: they are not interested in only providing security at the software level but are interested in moving to the hardware level. You can find out a bit more at The Inquirer.

"SECURITY VENDOR McAfee has bought software security firm Stonesoft to add to its range of network security products.

McAfee, which is owned by Intel, is one of the biggest security vendors but has so far been focused on end-point products such as anti-virus and firewall software that runs on consumer PCs. Now the firm has made a move to go deeper into the network, buying security software vendor Stonesoft for $389m in cash."


Source: The Inquirer