Archive for the ‘DDoS’ Category

White Hat Debit Cards

January 2, 2012

Elinor Mills / cnet

The researchers, who can make thousands of dollars for reporting just one security hole on the social-networking site, can use the card to make purchases, just like a credit card, or create a PIN and take money out of an ATM. As the researchers find more bugs, Facebook can add more money to the account.

Cloud Security Layer

October 11, 2011

Wolfgang Gruener / Tom’s Hardware

Researchers at North Carolina State University and IBM said they may have found a way to effectively protect certain information in cloud and services environments. A new technique called “Strongly Isolated Computing Environment” (SICE) aims to isolate sensitive information and workload from the rest of the functions performed by a hypervisor, which serves as gateway to a virtual, cross-platform workspace shared by users in a cloud system.

Measuring Impact of Wi-Fi Denial-of-Service Attacks

September 17, 2011

John Cox / CSO

“In a Wi-Fi network, the Denial of Service attacks are usually generated by so called ‘backoff misbehavior,’” she says. Based on the Wi-Fi protocols, client radios “listen” to see if the radio channel is being used. If it is, it “backs off” and waits for a set period, and then listens again. If the channel is clear, it can claim it, and send or receive data.

But an attacker can manipulate this process, changing the rules, Wang says. “[W]hen attacks change the rules of backoff time, it is similar to crashing a queue and occupying it forever,” she says. “Of course, [the] other users do not know what happened and would assume the entire network is down.”

By shortening its own backoff time, the attacker “can increase the chances of connecting to the access point dramatically, resulting in a much higher probability of access success.”
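To put numbers on the effect described above, here is a simplified slotted model of backoff contention, added as an illustration and not taken from the article or the researchers' work. The contention-window bounds, the `simulate` and `suspects` names, and the 2x fair-share threshold are assumptions of this sketch; it compares each station's share of successful transmissions when all stations follow the backoff rules and when one always draws a very short backoff.

```python
import random

CW_MIN, CW_MAX = 16, 1024   # illustrative contention-window bounds, in slots

def simulate(fixed_cw, rounds=20000, seed=1):
    """fixed_cw has one entry per station: None for a station that follows
    binary exponential backoff, or an int for one that always draws its
    backoff from [0, int) regardless of collisions (the misbehaving case)."""
    rng = random.Random(seed)
    n = len(fixed_cw)
    cw = [CW_MIN if f is None else f for f in fixed_cw]
    counter = [rng.randrange(w) for w in cw]
    wins, collisions = [0] * n, 0
    for _ in range(rounds):
        low = min(counter)                      # idle slots before someone sends
        senders = [i for i in range(n) if counter[i] == low]
        for i in range(n):
            if i not in senders:
                counter[i] -= low               # others freeze their countdown
        if len(senders) == 1:
            wins[senders[0]] += 1               # exactly one sender: success
        else:
            collisions += 1                     # tie on the same slot: collision
        for i in senders:
            if fixed_cw[i] is None:             # compliant: reset or double window
                cw[i] = CW_MIN if len(senders) == 1 else min(2 * cw[i], CW_MAX)
            counter[i] = rng.randrange(cw[i])
    total = sum(wins)
    return [w / total for w in wins], collisions

def suspects(shares, factor=2.0):
    """Flag stations whose share of successful transmissions exceeds
    `factor` times the fair share 1/n (a constructed threshold)."""
    fair = 1.0 / len(shares)
    return [i for i, s in enumerate(shares) if s > factor * fair]

if __name__ == "__main__":
    for label, stations in (("all compliant", [None] * 4),
                            ("station 0 uses CW=2", [2, None, None, None])):
        shares, coll = simulate(stations)
        print(label, [round(s, 3) for s in shares], "collisions:", coll,
              "flagged:", suspects(shares))
```

The model ignores frame lengths, retries limits and hidden nodes, so it shows the direction and rough size of the unfairness rather than real-world throughput.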

Common Weakness Scoring System (CWSS)

July 8, 2011

CWSS:

  • provides a common framework for prioritizing security errors (“weaknesses”) that are discovered in software applications
  • provides a quantitative measurement of the unfixed weaknesses that are present within a software application
  • can be used by developers to prioritize unfixed weaknesses within their own software
  • in conjunction with the Common Weakness Risk Analysis Framework (CWRAF), can be used by consumers to identify the most important weaknesses for their business domains, in order to inform their acquisition and protection activities as one part of the larger process of achieving software assurance.

LulzSec Calls It Quits

June 26, 2011

How does a hacker group get dissolved?

But in this shadowy world of claims, boasts and posturing, nothing is quite what it seems. It may have been other members of the hacker “community” – disgruntled with the antics of LulzSec – who forced the group into retreat. A document posted online in the last 24 hours purports to be a history of LulzSec, complete with full details on its leaders.

……

But even if LulzSec has gone offline, its members and other hackers trying to make a name for themselves may soon pop up elsewhere. And the other question is whether we should take any publicity-hungry group like this too seriously. The real damage is more likely being done by criminal groups who wouldn’t dream of boasting of their exploits on Twitter or anywhere else.

Signature-less zero-day game-changer

January 31, 2011

Last week ComputerWorld reported that Intel was developing a technology (most probably, a Chip) that will stop ALL zero-day attacks. Wow…that’s like finding a solution for global recession, religious conflicts, or terrorism problems. I am not being sarcastic; I intentionally took these examples because they fall into the same bucket as zero-day threats – i.e., we can’t predict when these events will occur and how deep the impact will be.

I respect Mr. Rattner, who was named one of the top 200 individuals having the greatest impact on the U.S. computer industry back in the 90s, and I am sure he is up to something big, but if what he said comes true it’ll be HUGE!

We’re going to see a quantum jump in the ability of future devices, be them PCs or phones or tablets or smart TVs, to defend themselves against attacks.

….the technology won’t be signature-based, like so much security is today. Signature-based malware detection is based on searching for known patterns within malicious code. The problem, though, is that zero-day, or brand-new, malware attacks are often successful because they have no known signatures to guard against.

We’ve found a new approach that stops the most virulent attacks. It will stop zero-day scenarios. Even if we’ve never seen it, we can stop it dead in its tracks.

Still, I’d have preferred the article heading more like how Paul Ducklin put it: “It’s a pity that Intel’s work has been touted in such hyperbolic fashion. Headlines like ‘Intel to add new low-level layer of computer security’ would, surely, have been much more meaningful.”

Computer Takeover Alert!

January 20, 2011

Will this stop the multiplication of bots?

Online customers, he said, may not want their service provider to cut off their Internet access if their computer is infected. And they may balk at being forced to keep their computers free of botnets or infections.

But they may be amenable to having their Internet provider warn them of cyberattacks and help them clear the malicious software off their computers by providing instructions, patches or anti-virus programs.

They may even be willing to pay a small price each month for the service – in much the same way that telephone customers used to pay a minimal monthly charge to cover repairs.

Light Speed Transactions and Latency Threats

January 12, 2011

Today Bruce Schneier blogged about the same threat that I discussed earlier this week.

It’s hard to know how real this threat is. Certainly micro-traders pay attention to latency, and sometimes even place their computers physically close to exchanges so they can reduce latency. And while it would be illegal to deliberately manipulate someone else’s trades, it is probably okay to place a gazillion trades at the same time which — as a side effect — increases latency for everyone else. My guess is that this isn’t a movie-plot threat, and that traders are trying lots of things along this line to give them a small advantage over everyone else.

It seems to be one of the most talked-about topics… Wired.com ran a story on robo-clients that aren’t there just to crunch numbers but are making the decisions to buy or sell a stock, which in turn is increasing the speed per transaction.

many prop-trading algorithms look at the market as a vast weather system, with trends and movements that can be predicted and capitalized upon. These patterns may not be visible to humans, but computers, with their ability to analyze massive amounts of data at lightning speed, can sense them.

Wissner-Gross and Freer of MIT recently published a paper (pdf) titled “Relativistic statistical arbitrage” to calculate a representative map of locations from which to coordinate relativistic statistical arbitrage among the world’s major securities exchanges.

Will making the systems faster increase the likelihood of latency threats?

Side-Channel Attacks

January 9, 2011

The increase in processing and transmission speeds has given birth to new attacks. Bill Synder discusses how time-sensitive global interactions are vulnerable to side-channel attacks, latency threats, and flash crashes.

Traditionally, applications that have latency requirements include: VoIP and interactive video conferencing, network gaming, high-performance computing, cloud computing, and automatic algorithmic trading. For example, one-way latency for VoIP telephony should generally not exceed 150 milliseconds (0.15 seconds) to enable good conversation quality, while interactive games typically require latencies between 100 and 1,000 milliseconds. However, the requirements for automated algorithmic trading are much more strict. A few extra milliseconds, or even a few extra microseconds, can enable trades to execute ahead of the competition, thereby increasing profits.

