Bad Week for Botnets

"The movement toward making organizations more transparent in disclosing security breaches, challenges and weaknesses will make organizations more vulnerable to attack because stating them makes them more obvious," said Steve Durbin, global vice president of the Information Security Forum.

Two zombie networks infamous for stealing banking information and spewing spam were hit with a right-left combination last week by botnet fighters.

Using the power of the federal Racketeer Influenced and Corrupt Organizations (RICO) Act, Microsoft (Nasdaq: MSFT), along with organizations representing the financial services industry, took down two command-and-control servers running botnets based on Zeus, a malware family known for stealing the logins to banking accounts.

Meanwhile, Kaspersky Lab, Dell (Nasdaq: DELL) SecureWorks and other organizations squelched an attempt to revive the Kelihos botnet, which was one of the largest spam-spewing networks in the world before it was taken down last year.

Whac-a-Mole Game

Microsoft's efforts are garnering praise, but the significance of the offensive is still questionable. That's because -- unlike some botnets with centralized command-and-control servers -- Zeus botnets are decentralized. Anyone who has the money to buy the software can set one up.

"It's like a whac-a-mole game right now, in which Microsoft can keep getting court orders and seizing servers, and taking control over domain names used for these botnets, but these guys can register new domains and buy new servers very easily," observed Brett Stone-Gross, a senior security researcher at Dell SecureWorks.

"It's like trying to take down an army of cockroaches," said Avivah Litan, a security analyst with Gartner (NYSE: IT). "You can't really get them all."

The Kelihos network is also decentralized, but it uses peer-to-peer communication to operate, which bot battlers could exploit to take over the net.

"We injected a fake peer entry list with an IP address under our control, so all bots connected to us and turned it into a centralized botnet connected to us," Stone-Gross explained.

Once in the bot fighters' control, the net was neutralized.

Massive Card Breach

MasterCard (NYSE: MA) and Visa (NYSE: V) have been alerting their members for more than a week about "a potential account data compromise event" at a U.S.-based entity.

Both companies revealed last Friday that they were investigating the breach after it was reported by security ace Brian Krebs, who estimated that the breach could affect as many as 10 million credit card numbers.

MasterCard and Visa stated that the breach did not affect their systems.

Meanwhile, some 50,000 cardholders were at risk due to a breach affecting Global Payments, according to The Wall Street Journal.

A New York City taxi and parking garage company appears to be connected to the breach, according to Gartner Security Analyst Avivah Litan.

A Central American gang may be behind the breach, and they may have compromised an administrative account to do it, she added.

The credit card companies said they've turned the case over to federal law enforcement authorities for investigation.

Regulators Can Undermine Security

Government regulators are typically considered White Hats in the battle with cyber low-lifes, but a report released last week on information security threats fingered them as a source of data insecurity.

The culprit is government-ordained transparency, according to Steve Durbin, global vice president of the Information Security Forum, which produced the report, "Threat Horizon 2014: Managing Risks When Threats Collide."

"The movement toward making organizations more transparent in disclosing security breaches, challenges and weaknesses will make organizations more vulnerable to attack because stating them makes them more obvious," Durbin told TechNewsWorld.

Privacy demands, while not weakening security directly, will force many businesses to reassess their markets rather than comply with regulatory demands, he added.

"Privacy will be distracting to other security efforts that are going on," said Durbin. "Privacy requirements are going to be imposing a heavy compliance burden, forcing organizations to decide whether or not they're going to invest in the necessary security to comply, or whether they're going to exit certain markets because they're not prepared to comply with some of these regulations."

Breach Diary

March 25. LulzSec posted to the Internet information from 171,000 accounts of MilitarySingles.com. On March 29, the site claimed it found no evidence it was hacked. However, comparisons of the data posted to the Internet and information at the site show consistencies between the two.

March 25. Anonymous posts to Internet more than 1,400 email addresses, many from Newfoundland and Labrador.

March 25. More than 2,000 names, email and postal addresses, and phone numbers of UK wholesaler Waveney Wholesale posted to Internet by hacker called "SONLCS."

March 27. U.S. Federal Trade Commission announces settlement with RockYou for data breach in 2009 that exposed information on 32 million users to hackers. RockYou agreed to pay a US$250,000 civil fine as part of the terms of the settlement.

March 30. California Child Support Agency reports that backup cartridges containing records for 800,000 individuals were lost March 12 in transit from a facility in Colorado to California.

Calendar of Events

April 28-29. Drone Summit: Killing and Spying by Remote Control. Mount Vernon Place United Methodist Church, 900 Massachusetts Avenue NW, Washington, D.C. Sponsored by Reprieve and the Center for Constitutional Rights. $20-$100.

May 14-16. FS-ISAC & BITS Annual Summit. Turnberry Isle Resort and Club, 19999 West Country Club Drive, Miami. Sponsored by Financial Services-Information and Analysis Center. $1,250-$1,750. Registration deadline April 20.

Posted by Hadouch | at 14:55 | 3 comments

Linux on the Desktop - Dead Again?

"Desktop Linux thrives in spite of its disadvantaged position," said Slashdot blogger yagu. "It's good enough to maintain and grow a loyal base." That's not likely to change, "but until Microsoft is rendered completely irrelevant (think browser-based computing), Desktop Linux will stay a minor player," he predicted. In the meantime, "the naysayers have been claiming the death of Desktop Linux every year, and every year they've been wrong."

Well it's been a tempestuous week here in the Linux blogosphere, thanks largely to a violent brawl that broke out unexpectedly down at the Broken Windows Lounge.

It all started with a blog post over at PCWorld last weekend on a topic that might sound familiar.

Any guesses? Yes, that's right: "Why Linux Is Dead on the Desktop" was its name, and a collective groan could be heard in blogobars across the land as soon as it appeared on the horizon.

It's baaa-aack! Linux fans everywhere were forced to put down their beers and take up arms once again.

Shots Were Exchanged

Indeed, a return salvo was fired on Monday morning, followed by yet another shot back soon afterward.

The Slashdot crowds, meanwhile, were embroiled in a related skirmish of their own.

Bottom line? Dark and stormy days in Linux land. Linux Girl hunkered down on her favorite barstool and tried to record some of what was being said.

'It's Like Grandma's Cookies'

"Of course Linux in the COMMERCIAL DESKTOP is a failure, because Linux is not commercial," opined Google+ blogger Alessandro Ebersol, for example. "It's like grandma's cookies -- they can't compete with, say, Nabisco. It's a totally wrong assumption, and he could not be wronger."

Ebersol was also intrigued by the timing of the attacks.

"Those articles proclaiming Linux dead always surface near to a winblow$ launch," he pointed out. "Funny, eh?"

'Enough With the Nonsense!'

Indeed, "enough with the '1 percent' nonsense!" exclaimed blogger Robert Pogson, pointing to Net Applications' statistics for California, for San Francisco "Designated Market Area," and for Sunnyvale, California.

"They show huge percentages in a region of 37 million people, and it's a lie because the source of that 'share' is Google (Nasdaq: GOOG), using GNU/Linux desktops as a business," he explained. "That's right, those high share numbers for that other OS result from business usage of that other OS.

"Net Applications must be sampling during office hours or from company domains," he added. "Business is locked in by M$'s office suite, and other business-centric software made only for that other OS."

In actual usage, "you will find lots of users in government, education and in the home in Brazil, Russia, India and China, where governments actually use GNU/Linux, promote usage, and are not 'partners' of Net Applications," Pogson pointed out. "You can find GNU/Linux is popular in Malaysia and Europe as well."

Linux shouldn't be pronounced dead "until the final battle for retail space is lost," Pogson concluded. "Only a few years ago it was rare to find an OEM selling GNU/Linux and even more rare to find a retailer selling GNU/Linux. That has changed. GNU/Linux is alive and well on the desktop."

'A Worldwide Phenomenon'

Google+ blogger Kevin O'Brien took a similar view.

"I think I have personally resigned from the club of people whose self-worth depends on their OS being dominant," O'Brien told Linux Girl. "Linux will be there for everyone who wants it, and that is fine for me, since I want it."

As for the market share statistics, "my impression is that they solely measure OS market share in the U.S., where no one ever got fired for buying Microsoft," he added. "Linux is a worldwide phenomenon, and I think usage is much higher outside the U.S. than it is here."

'Still Growing'

Consultant and Slashdot blogger Gerhard Mack suggested some alternate wording.

"I wouldn't say 'dead' so much as 'a growing niche,'" Mack told Linux Girl.

"Right now the apps are just not there yet for some tasks, so for many (most?) people, there are no good reasons to switch," Mack mused. "On the other hand, when all of the tools are there, Linux is a good option -- it is easy to set up, secure by design and very flexible."

In fact, "some governments have just implemented plans to switch their desktops over, such as Iceland and the Spanish state of Extremadura, so not only is it still growing, it will grow in the future as well," he added.

'Not Dead'

"Given the recent rash of stories about corporate desktop Linux, I just don't see it myself," Hyperlogos blogger Martin Espinoza opined.

"I just installed Android (-x86 4.0rc1) on my laptop," he noted. "I hope that one day enough of its kernel gets merged with the mainline that I can reasonably run it on my desktop. So far it seems fairly usable with mouse and keyboard."

As long as Windows "effectively comes with your PC for free, there's no particular reason why Linux should ever conquer Windows on the desktop at this rate, which is presumably why OEM copies of Windows are still extremely inexpensive," Espinoza added. "Clearly, Linux on the desktop is not dead, but it is primarily in business."

'Two Huge Issues'

Slashdot blogger yagu had some thoughts about that.

"There are two huge issues holding Desktop Linux back: corporate profitability and killer apps," yagu asserted.

"Companies make a fortune off of Linux in the back rooms, where servers are doing all the heavy lifting and the user demographic is highly technical," yagu explained. "Companies rely on Linux for heavy processing because, in the vernacular of Apple (Nasdaq: AAPL), 'it just works!' There are no prohibitive learning curves for this user base -- there's a line of geeks just waiting to get their hands on Linux servers."

Desktop Linux, however, "offers no such benefit," he opined. "Yes, it's free, but companies face the re-training costs and rollout issues and see no return on investment. And there's always at least one killer app that absolutely must be available but is not available for Linux.

"I can make a case that the return on investment is worthwhile, but nudging an entire company off Windows is daunting at best," he added. "Logic doesn't apply."

'Every Year They've Been Wrong'

Nevertheless, "Desktop Linux thrives in spite of its disadvantaged position," yagu pointed out. "It's good enough to maintain and grow a loyal base."

That's not likely to change, "but until Microsoft is rendered completely irrelevant (think browser-based computing), Desktop Linux will stay a minor player," he predicted.

In the meantime, "the naysayers have been claiming the death of Desktop Linux every year, and every year they've been wrong," he concluded.

'Things Don't Get Any Better'

Slashdot blogger hairyfeet wasn't so sure.

"Is Linux dead? Well, it'd have to have been alive at one point to be dead, and I'd argue that frankly it has never gotten above a niche hobbyist OS on the desktop, no different than BSD or Haiku," hairyfeet asserted.

"I'd say the bigger question, the one nobody seems to be willing to really ask, is 'Why? Why would they rather steal the competitor's product than take Linux for free?'" he suggested. "I believe I can answer that: It's because nobody listens to the users."

After all, "if Apple or Microsoft don't listen to users, their sales go down, they lose share and money, so they have an incentive to listen," hairyfeet said. "The devs in Linux answer to NOBODY but their own itch-scratching, so things simply don't get any better."

'There Is No Single Desktop Market'

That view was far from unanimous, however.

"Desktop Linux is not dead," Chris Travers, a Slashdot blogger who works on the LedgerSMB project, told Linux Girl. "I have argued repeatedly that it is wrong to talk about desktop Linux because there is no single desktop market -- instead, there is a series of desktop markets."

As Linux "becomes more capable in those markets where it is currently entrenched, it will branch out into other markets," he explained. "This process is likely to be slow, but it is happening now.

"I think the big concern right now is that the Linux desktop experience has gone from fractured to quickly changing," Travers concluded. "I think this lack of stability is a problem for users, and so this is something that distro maintainers need to be especially sensitive about."

'Just Random Noise'

Last but not least, Barbara Hudson, a blogger on Slashdot who goes by "Tom" on the site, pointed to statistics on Wikipedia.

According to those, "in July of 2011, 1.51 percent of non-mobile users were using linux," she noted. "That dropped to a low of 1.27 percent in September before climbing back to 1.52 percent in February."

So, "an increase of 0.01 percent (one part in 10,000) over 7 months, given the wide swings month-to-month, is just random noise," she asserted.

'None Too Shabby'

It also "tends to over-estimate the percentage of linux desktop users, since the tens of millions of Windows gaming rigs outnumber linux desktops, and most of those gamers are not going to spend much time on Wikipedia," she suggested. "The same is true for the hundreds of millions of Windows machines in offices around the world. Also not represented in the logs were computers in China."

Looking at the big picture, "maybe it's not time to put desktop Linux in a red shirt and have Dr. McCoy pronounce, 'He's dead, Jim,' but he's not going anywhere, either," Hudson mused.

"Tux will have to be content with being No. 1 in supercomputers, being strong in servers and embedded systems, and being the underpinnings of the No. 2 phone OS," she concluded. "Looked at that way, it's none too shabby, and anything else is just gravy."

Posted by Hadouch | at 14:54 | 0 comments

Google's hilarious April Fools' Maps launch

So here is an April Fools' work of art from the company that, to many minds, just might deserve righteous laughter. For here, purportedly, is the launch of Google Maps 8-bit for the Nintendo Entertainment System.

According to Google's Lat Long blog, this is something that the world desperately needs.

"Our engineering team in Japan understood the importance of maps on retro game systems. With the power of Google's immense data centers, and support from Nintendo and Square Enix, we were able to overcome the technical and design hurdles of developing 8-bit maps," wrote Google Maps software engineer, Tatsuo Nomura.

He goes on to wax with some lyricism about "beautiful low-res graphics; simple and intuitive controls; and a timeless soundtrack." He also promises a mobile version for Game Boy.

Yet even more enchanting is the deadpan performance of the actors in the promotional video. Their faces straighter than a Google engineer's on a Monday morning, the Japanese family waits for this technical revolution to reveal itself.

The father even blows on the cartridge to "fix bugs."

And then we see the beautiful low resolution of the maps, as the family searches for the Pyramids or tries to plot its route from Los Angeles to New York. The sheer joy when the family tries the voice search feature and discovers Peru Nazca will fill your heart with gladness.

I am grateful to The Next Web for revealing this April Fools' amusement. Unless, of course, this is just another attempt by Google to control absolutely every possible technological scenario in the world. No, no. It couldn't be.


Video: http://www.youtube.com/watch?feature=player_embedded&v=rznYifPHxDg

Posted by Hadouch | at 14:51 | 1 comment