Monthly Archives: December 2013

Neverquest banking malware more dangerous than Zeus trojan

New Neverquest malware steals bank account logins and lets attackers access accounts through victims’ computers. 

For over five years, Zeus has been the undisputed king of banking malware. Once this trojan was loaded onto a victim’s machine, it could:

  • Detect when the owner entered banking information into a web browser.
  • Steal passwords and other pertinent login information.
  • Encrypt the stolen information and send it to the attacker’s specified servers.

Zeus was also one of the first pieces of malicious software to be sold under a license. For the right price, anyone could use it.

Zeus remains active today, but its source code was published online in 2011 and this cyberscourge has about run its course. Unfortunately, Security experts are already sounding the alarm about a new piece of malware that makes Zeus look like a simpleton.Neverquest significantly raises the bar for online banking malware.

How Neverquest works

Like Zeus, Neverquest is a Trojan. Bad guys introduce Neverquest to the victim’s computer via social media, email, or file transfer. According to the security blog Threat Post, Neverquest replicates in a manner similar to the Bredolab botnet client:

“Bredolab malware used the same methods of distribution that Neverquest is currently using. Bredolab would eventually become the third most widely distributed piece of malware on the Internet.”

Before it was shuttered, the Bredolab botnet consisted of 30 million computers. Why not use something that works?

If the victim’s computer is vulnerable to an exploit targeted by Neverquest’s trojan loader; the malware is installed. Then Neverquest starts paying attention to what the user is typing into their web browser. If a predetermined financial term is recognized, Neverquest checks the website domain name. Since, Neverquest has hundreds of banking and financial institutions in its database; there’s a better than average chance Neverquest will be familiar with the banking website.

Once Neverquest recognizes a banking site, it will relay the login information back to the attackers’ command and control server. Once the victim’s credentials are in the hands of the attackers, they will remotely control the victim’s computer using VNC, log into the victim’s banking website, and do one of the following:

  • Transfer money to different accounts
  • Change login credentials, locking out account owner
  • Write checks to money mules

And to make matters worse, banking sites are unable to distinguish the victim’s login from that of the attacker using Neverquest.

One capability Neverquest has that Zeus doesn’t, is the ability to cultivate new banking sites for its database. If the malcode recognizes certain financial terms, but not the domain; Neverquest will send the information back to the command and control server which then creates a new identity, and updates every compromised computer under its control.

Neverquest in the wild

One sobering reality is that Neverquest is already for sale. Zeus, being “first of its kind” malware, required skilled controllers. Not so with Neverquest, script kiddies and malware non-experts are able to make use of the potent malware as soon as they buy it.

Next reality: standard antivirus software is not effective. Kaspersky mentions in this blog:

“Protection against threats such as Neverquest requires more than just standard antivirus; users need a dedicated solution that secures transactions. In particular, the solution must be able to control a running browser process and prevent any manipulation by other applications.”

Kaspersky also reported that:

“Neverquest is also designed to start harvesting data when an infected user visits any number of sites not related to finance, including Google, Yahoo, Amazon AWS, Facebook, Twitter, Skype and many more.”

It appears that Neverquest developers are looking to diversify.

Protecting yourself

Despite Neverquest’s formidable capabilities, there are several things we can do to protect ourselves. First, there is the security expert’s mantra, “Make sure the computer operating system and all applications are up-to-date.” Doing so will at least prevent malware from exploiting known weaknesses.

Second, using a LiveCD to access banking websites is still a valid method to prevent malware such as Neverquest from stealing your financial information and eventually your money.

 

Via: techrepublic

How to Disable “Update to Windows 8.1 for Free” Notification in Windows 8 Store?

Almost all of us know that Windows 8.1 is a free update for Windows 8 users and it can be downloaded and installed through Windows Store program in Windows 8 as mentioned here. If you are using Windows 8, it automatically notifies you about the availability of Windows 8.1 free update. Windows 8 regularly shows a notification message on the screen which asks you to go to Windows Store to download Windows 8.1 for free as shown in following screenshot:


Once you click on “Go to the Store” button, it allows you to update to Windows 8.1 for free via Windows Store.

But there is a slight problem! Some users may not want to update their Windows 8 computer to Windows 8.1 for some reasons. In such situations, the regular prompts to get Windows 8.1 for free might become annoying to them. There is no option given to permanently disable this notification message and you regularly get them.

I have received many emails from readers asking a way to turn these notification messages off in Windows 8. So today in this tutorial, we are going to tell you 2 ways to disable “Update to Windows 8.1 for Free” notification message in Windows 8:

  • METHOD 1: Using Group Policy Editor (gpedit.msc)
  • METHOD 2: Using Registry Editor (regedit)

    Once you follow these methods, you’ll no longer receive these annoying notification prompts to upgrade to Windows 8.1 for free.

    METHOD 1: Using Group Policy Editor (gpedit.msc)

    1. Press “WIN+R” keys together to launch RUN dialog box and type gpedit.msc and press Enter. It’ll open Group Policy Editor.

    2. Now go to:

    Computer Configuration -> Administrative Templates -> Windows Components -> Store

    3. In right-side pane, double-click on “Turn off the offer to update to the latest version of Windows” option and set its value to “Enabled“.


    That’s it. It’ll immediately disable the Windows 8.1 free update notification in Windows 8 and you’ll never see it again. If you want to enable the notification again in future, set the value to Not configured.

    METHOD 2: Using Registry Editor (regedit)

    If you don’t want to use Group Policy Editor or can’t use it, you can do the same thing using Registry Editor. Just follow these simple steps:

    1. Press “WIN+R” keys together to launch RUN dialog box and type regedit and press Enter. It’ll open Registry Editor.

    2. Now go to following key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore

    If the above key doesn’t exist, you’ll need to create it manually.

    3. Select WindowsStore key and in right-side pane, create a new DWORD DisableOSUpgradeand set its value to 1


    4. Close Registry Editor and log off or restart Windows to take effect. It’ll completely turn off Windows 8.1 update notification.

    If you want to restore the notification in future, just delete the DWORD or set its value to 0.

     

    Via: askvg

Federal Judge Rules NSA Phone Records Collection Legal

The ruling by U.S. District Judge William Pauley (Manhattan) in favor of the NSA conflicts with last week’s ruling by a federal judge in Washington, D.C., that NSA’s mass call-tracking program violates the Fourth Amendment. Concerned with the erosion of privacy, the ACLU plans to appeal Pauley’s ruling to the Second Circuit Court of Appeals.

The National Security Agency (NSA) program that collects records of phone calls is perfectly legal. So says a federal judge in a ruling on a case filed by the American Civil Liberties Union challenging the surveillance program.

The plaintiffs filed the lawsuit on June 11, 2013, less than a week after the mass call-tracking program was revealed by The Guardian newspaper. The report was based on documents obtained from NSA whistleblower Edward Snowden.

The federal court issued an opinion and order in ACLU v. Clapper, ruling that the government’s bulk collection of phone records is lawful under Section 215 of the Patriot Act and under the Fourth Amendment. The court denied the plaintiffs’ motion for a preliminary injunction and granted the government’s motion to dismiss the case.

A Conflicting Ruling

The program, “vacuums up information about virtually every telephone call to, from, or within the United States,” U.S. District Judge William Pauley in Manhattan said in his 54-page decision. He also ruled that whether or not the program is constitutional is “ultimately a question of reasonableness” and found no evidence that the U.S. government had relied on “bulk telephony metadata” for any reason beyond investigating potential terrorist attacks.

“This blunt tool only works because it collects everything,” Pauley wrote. “Technology allowed al Qaeda to operate decentralized and plot international terrorist attacks remotely. The bulk telephony metadata collection program represents the government’s counter-punch.”

Pauley’s ruling conflicts with last week’s ruling by a federal judge in Washington, D.C., that the mass call-tracking program violates the Fourth Amendment. The ACLU plans to appeal the ruling to the Second Circuit Court of Appeals.

Remembering 9/11

“We are extremely disappointed with this decision, which misinterprets the relevant statutes, understates the privacy implications of the government’s surveillance and misapplies a narrow and outdated precedent to read away core constitutional protections,” said Jameel Jaffer, ACLU deputy legal director.

“As another federal judge and the president’s own review group concluded last week, the National Security Agency’s bulk collection of telephony data constitutes a serious invasion of Americans’ privacy. We intend to appeal and look forward to making our case in the Second Circuit,” he said.

But Pauley is confident in his ruling. He pointed to the Sept. 11 attacks, which he said demonstrated the cost of missing such a threat and how “horrific” it can be. He said the Sept. 11 attacks, “revealed, in the starkest terms, just how dangerous and interconnected the world is. While Americans depended on technology for the conveniences of modernity, al-Qaida plotted in a seventh-century milieu to use that technology against us. It was a bold jujitsu. And it succeeded because conventional intelligence gathering could not detect diffuse filaments connecting al-Qaida.”

Via: enterprise-security-today

21 Educational Podcasts That’ll Make You Smarter

I daresay, my good fellow – you look like you’ve got quite the conundrum on your hands if I do say so myself!

You see, you’re sitting at your computer, reading this blog post and trying to learn something. And of course, that’s all well and good.

But there’s something nagging at the back of your mind, now isn’t there? Some small voice telling you:

“I really should go hit the gym.”

And so you should – but I’ll agree that it’s quite unfortunate you can’t continue reading and learning while you do so.

…or can you?

Alright, you can stop imagining this post being voiced by an elderly British gentleman. If you’re looking for a way to make all that gym time productive for your mind as well as your body, then podcasts are your answer.

In fact, any time you’re doing something less than mentally stimulating – driving, walking to class, doing your laundry – you can probably pop in your headphones and listen to a podcast at the same time.

What is a podcast? Put simply, it’s some form of episodic content that you can subscribe to and download. Usually it’s audio or video, and anyone with a mic and an internet connection can make one.

Podcasts aren’t nearly as numerous as blogs, but there are still a lot to sift through out there. So, to help you dive into the world of podcasts, I’ve created a list of my favorites.

These 21 educational podcasts are all great shows that’ll help you learn more, thus essentially adding more productive hours to your day. They might even help keep you entertained on laundry days as well.

1. TEDTalks

love TED talks, and I bet there’s a good chance that you’ve watched a few before as well. Most TED talks are just as good in audio form as they are in video, so the TEDTalks podcast easily tops the list here.

There are few other places where you’ll find such a great variety of awesome, mind-expanding content.

2. RadioLab

Even if you’re not familiar with how podcasts work, there’s a good chance that you’ve heard of RadioLab before. One of the most popular podcasts in the world, RadioLab is a “show about curiosity”.

The founders tackle topics ranging from brain injuries to the story of Henrietta Lacks. Each episode is masterfully produced and features tons of different voices – topical experts, subjects of the interviews, and more. This is one of those shows that makes people mad simply because they can’t produce episodes fast enough.

3. StarTalk Radio

With the possible exception of Bill Nye, Neil deGrasse Tyson is one of the most engaging and interesting scientific personalities to listen to. I recently saw him speak at Drake University, and the 3-hour wait out in the cold was certainly worth it.

On StarTalk Radio, Dr. Tyson educates you on all things space – stars, planets, humans in space, etc. He’s also interviewed lots of amazing people, including Dan Aykroyd, Alan Rickman, and this little-known guy named Buzz Aldrin.

4. The College Info Geek Podcast

Most people who make these kinds of lists like to promote their own thing last in order to seem humble. Well, screw that! If you’re in college and want to make the most out of it, you should listen to the College Info Geek Podcast.

While I do create solo episodes on specific topics, the main draw here is the in-depth interview with awesome people like Gary Vaynerchuk, Steve Kamb, and Caleb Wojcik.

5. Entrepreneurial Thought Leaders

Even if you don’t have entrepreneurial aspirations, the Entrepreneurial Thought Leaders podcast can be an incredibly useful learning resource. I’ve been listening to it since I was in high school, and it’s one of my favorite podcasts.

This show is simply a series of recorded lectures from Stanford University. Past guests include Guy Kawasaki, Mark Zuckerberg, and Marissa Mayer.

6. Back to Work

Interested in becoming more productive, getting things done more efficiently, and discovering new tools to help you work better? Back to Work is the podcast for you.

Each week, hosts Merlin Mann (founder of 43Folders) and Dan Benjamin talk about a new topic related to productivity, communication, work, etc.

7. Founders Talk

Part of the same network as the previous show, Founders Talk is an excellent podcast for anyone wanting to get into the head of the founders of successful startups and businesses.

This is another one of those podcasts that really helped me learn a lot about running my own company. If you’ve got any desire to run your own thing after college (or during it), you can’t miss it.

8. Rationally Speaking

After reading the excellent Harry Potter and the Methods of Rationality, I became intensely interested in topics like rationality, cognitive science, and heuristics. I also started following several people in those circles – one of them being Julia Galef, the cofounder of the Center for Applied Rationality.

In the Rationally Speaking Podcast, Galef and her co-host Massimo Pigliucci tackle topics like utilitarianism, heuristics and biases, and just why people should learn to be rational in the first place.

9. Social Triggers Insider

Derek Halpern’s blog Social Triggers is mainly pointed at people running online businesses, digging how psychology works and figuring out how you can apply those findings to get more sales and be a better marketer.

The Social Triggers Insider is a podcast with very similar content, but I think you’ll find it interesting even if you’re not a marketer or entrepreneur. Halpern interviews lots of well-known authors and college professors, so you’ll learn plenty about human psychology along with the marketing tactics presented.

10. EPOP Travel

A while ago, I interviewed Travis Sherry on the CIG podcast about travel hacking and frequent flyer miles. If you liked that interview (or you’re just interested in travelling), check out his podcast, the Extra Pack of Peanuts Travel Podcast.

In addition to talking about travel hacking, Travis interviews well-seasoned travelers about other topics that might interest you if you’ve got the urge to get out of the country at some point.

11. The Podcast History of Our World

“Thomas, you’re the only student I’ve ever had who slept through my entire class and still got an A.”

Ok, it’s a humblebrag, but it’s true – I slept through most of my 11th grade American History class (I blame it on the class being right after lunch).

My appetite for history knowledge has gone way up since then, though, and The Podcast History of Our World is one of my favorite ways to get it. Definitely check this one out.

12. Stuff You Should Know

How does pepper spray work? What’s better: cash, credit, or debit? How do they make silly putty?

If you’ve ever wondered about anything like these questions, Stuff You Should Know will satiate your curiosity. This is another podcast I’ve been listening to for a long time, and it’s a great one to fall back on when you’re not really looking for anything in particular to learn – but you want to learn all the same.

13. The Dice Tower

Growing up, my perception of what board games were was pretty much defined by what you see on the shelves at Wal-Mart; namely, things like Monopoly, Sorry, and Operation.

These days, I’ve found a new appreciation for board/card games, and have gotten into some much more strategic (and fun) ones – Magic: the Gathering, Arkham Horror, Seasons, and others.

If staring at a screen for fun isn’t your thing, or if you’re addicted to watching Tabletop with Wil Wheaton, then The Dice Tower is the podcast for you.

14. Listen Money Matters

If you’ve ever gone through the Start page here at CIG, you’ll know that one of my main focuses is helping you to pay off your student loans, avoid more debt, and generally become financially free.

Listen Money Matters is a relatively new podcast that definitely hits those areas well. In this podcasts, you’ll learn about investing, avoiding bank fees, whether you should rent a home vs. buying one, and more.

15. The Cubicle Renegade Podcast

My friend Caleb Wojcik is a man of many talents – he’s a great videographer, photographer, blogger, and web designer. He’s also got great skills on the mic. If you don’t believe me, check out my interview with him on the CIG podcast, where we talk about skill acquisition.

After that, check out his own show, the Cubicle Renegade Podcast. On it, Caleb interviews successful entrepreneurs and talks about habit-building, getting good at things, staying fit, and more.

16. The Paleo Solution

As a geek, I’m interested in optimizing each and every aspect of my life as much as I can. My health is no different.

While I’m definitely not perfect in the practice department, I’ve learned a lot about nutrition over the years and currently believe that a Paleo/Primal diet is one of the best that you can follow for optimum health.

If you’d like to learn more about it (and staying healthy) on the go, definitely check out The Paleo Solution. It’s hosted by Rob Wolf – one of the most well-respected voices in the Paleo community – and packs in a ton of great information.

17. Japancast

If you’ve read my mega-post on how you can learn efficiently on your own, you’ll know that I’m a huge fan of Japan and have been learning Japanese for quite some time.

To help my learning, I’ll often listen to thing like Japanese news broadcasts. I also like listening to Japancast, which is great if you’re trying to learn the language.

This is just an example, though. The Education section of the iTunes podcast store has tons of language-learning podcasts available, so go check it out, language learners! Also, check out my friend Martin’s blog Powlyglot while you’re at it.

18. Good Job, Brain!

Ever wished you could be the type of person who’s just a walking encyclopedia of random knowledge? Well, if Stuff You Should Know isn’t enough for you, then subscribe to Good Job, Brain! as well.

Self-described as part pub quiz show and part off-beat news, this show is chock-full of great trivia and interesting things. Who knows, maybe it’ll help you win Jeopardy! some day.

19. How to Do Everything

Yet another “general curiosity” podcast, How to Do Everything shows you… well, I think the title can speak for itself on this one.

Basically, people send in questions – “How do I not sound stupid when ordering wine?” for example – and the hosts answer them either by themselves or by consulting experts. It’s like kinda like Modern Marvels for your ears.

20. The Skeptics’ Guide to the Universe

The Skeptic’s Guide of the Universe is a fantastic podcast that aims to increase public understanding of things like science, critical thinking, and rationality. It’s similar to the Rationally Speaking Podcast, though it has a larger group of hosts.

Hitting the subscribe button and plugging in your headphones will expose you topics including cosmic radiation, neuroscience, and more.

21. A History of the World in 100 Objects

Listening to this podcast is almost like going on a museum tour – a really, really interesting one. A History of the World in 100 Objects looks at significant objects to tell the history of the world.

The objects in the series include the Rosetta Stone, the Seated Buddha from Gandhara, and even the credit card. Oh, and the series sounds like a professional documentary. Highly recommended.

 

Via: collegeinfogeek

How to Remove Ads from your Kindle without any Hacks

The Kindle reader starts at $89 but you get a $20 discount if you opt for the Kindle with Special Offers. The two models look alike and have the same set of features except that Kindle with Special Offers model will display sponsored ads on the home screen when idle.

The ads on the Kindle with Special Offers edition are unobtrusive but Amazon does offer an option to remove ads from the sponsored Kindle for a $20 fee. Go to your Kindle dashboard on Amazon.com, click the Manage your Devices link, select your registered Kindle device and click Edit next to the Special Offers link.


Request Amazon support to remove sponsored offers from your Kindle

Disable Ads on Kindle with Special Offers

There’s another easier option as well that will let you remove ads from your Kindle for free.

You can contact the Amazon support team and request them to disable advertising on your Kindle with Special Offers. They are likely to oblige if you using a Kindle outside the USA since special offers cannot be claimed in other countries.

Here are the steps involved:

  1. Open the Contact Us page on Amazon and select your Kindle device from the list.
  2. Under the Issues section, select Kindle Device -> Kindle with Special Offers -> Problems claiming offers.
  3. Select the Chat option and here you can request the Amazon representative to disable ads on your Kindle device.

You’ll get a notification on your Kindle device (see screenshot) once the sponsored offers have been turned off. Restart your Kindle and the ads should no longer appear on the device.

I tried this on my Kindle and the ads were gone in 5 minutes. The trick, which also applies to the Kindle Paperwhite and Kindle Fire tablets, was originally shared on Reddit but has been pulled down by the submitter.

 

Via: labnol

T-Mobile’s GoMart Offers Wireless Users Free Facebook Access

T-Mobile subsidiary GoSmart is offering its wireless customers a little something different: free access to Facebook even if the users don’t have a wireless data plan. According to AllThingsD, the promotion should launch next month and will cover “anything hosted on Facebook itself,” include Facebook messenger. While there has been a lot of talk over the years (most of it from billing systems companies) about carriers charging more or less for particular apps, a lot of these billing concepts (like AT&T’s 1-800 data concept) have raised red flags among the network neutrality brigades. The concept of offering free data for one app is a new one here in the States, and it will be interesting to see how it’s received by consumers.

Apple Patents Integrated Heart Rate Monitor For Smartphones, Hover Touch Sensors

Apple has been issued a couple new patents by the USPTO today (via AppleInsider), including one for hover touch sensing, the likes of which we’re starting to see rolled out in Android-powered devices lately like the Samsung Galaxy S4. Another patent issued today covers an embedded heart rate monitor that could add one more sensor to the iPhone, with potential for biometrics and fitness apps.

The touch and hover patent describes a means for detecting when a person’s finger is near to, but not actually in contact with, a touchscreen device. It outlines ways in which hover input can be used to issue commands to a device, with those screens outputting an electrical field to help determine the position of a user’s finger. But the system is about more than just the kind of hover controls that other OEMs have implemented to relatively little effect: Apple describes how the system can be used to offer more effective and accurate errant touch detection.

The hover field could help a mobile device better identify which touches were meant to actually spark an action, and which were accidental or incidental to something else. Apple already does some touch rejection with the latest iPads and their thinner side bezels, and with palm rejection in some apps, but this could theoretically help improve the performance of any accidental touch detection.

The patent also describes a method for better dealing with changing weather and environment conditions when it comes to accurate touch detection. It would work by allowing touch devices to take a baseline reading when conditions are optimal, and then detecting via sensors when conditions change and tweaking touch detection settings slightly to modify and improve accuracy when, say, the weather gets cold. In general, Apple seems to be looking at hover touch tech as more of a supplementary tech than something that will find expression in actual interface design.

As for the heart rate monitor, Apple’s patent describes a sensor found in the screen bezel or other conductive portion of the device that could read EKG data. You could imagine it going into the conductive metal ring around the Touch ID sensor in the current iPhone 5s design, for instance, which would be fitting also because of similar function between the two sensors.

Apple’s patent for heart rate monitoring sensors describes ways they might be used to identify a user according to their unique biometric information. The fingerprint sensor in the iPhone 5s serves a similar purpose, but paired with a heart rate sensor, it becomes less of a convenience factor and more about secure identification.

As always, don’t expect to see these Apple patents go into devices immediately, but they do provide an interesting look behind the curtains at Apple’s R&D efforts. Two-factor biometric security would definitely put Apple even more in the lead when it comes to device-based security, and improving touch screens and their performance will always deliver benefits. And Apple already leads the pack in that regard, too, according to recent comparative tests.

Via: techcrunch

CryptoLocker ransom Trojan infected 250,000 PCs

Dell SecureWorks estimates at least 0.4 percent of victims of the malware paid up, generating millions of dollars in ransom payments.

The feared CryptoLocker ransom Trojan has infected at least a quarter of a million PCs worldwide, a success rate probably generating somewhere in the low millions of dollars in ransom payments, a new analysis by Dell SecureWorks has estimated.

Alarming reports of the chaos sown by CryptoLocker have been easy to come by, less so hard numbers about the scale of what has surely been the malware story of 2013.

Offering some of the first data, Dell SecureWorks recorded 31,866 infected PCs contacting sinkholed command and control servers between  Oct. 22 and Nov. 1 alone, over 22,000 of which were in the U.S. with around 1,700 in the U.K.

Carrying out the same exercise between Dec. 9-16 , the number of infected PCs had fallen to only 6,459, a fall attributed mainly to a lower level of activity by the botnets pushing the malware.

From these numbers, the firm calculated that in the first 100 days of its activity from mid-September, CryptoLocker managed to infect between 200,000 and 250,000 PCs globally, disproportionately in English-speaking countries.

This brings Dell SecureWorks to the issue of how much money the criminals have made from CryptoLocker.

Based on bitcoin payments connected to ransoms, Dell Secureworks estimates that between September and December the sums extorted were between $380,000 and $980,000 in value, depending on how long the virtual currency was held for.

Because this excludes ransoms paid using other channels such as MoneyPak — most of the sums extorted Dell believes — the real damage had to be much higher than this, the firm said.

“These figures represent a conservative estimate of the number of ransoms collected by the CryptoLocker gang,” said Dell SecureWorks’ researchers.

“Based on this information and measurements of infection rates, CTU researchers estimate a minimum of 0.4 percent, and very likely many times that, of CryptoLocker victims are electing to pay the ransom.”

Many of the victims of CryptoLocker’s shakedown have been small businesses rather than consumers; from its first appearance the malware targeted SMEs using subject lines such as ‘consumer complaint’ to engineer employees into opening attachments, the firm said.

One high-profile example of this was a U.S. police department that not only found itself infected by CryptoLocker but quite incredibly agreed to pay its bitcoin ransom demand.

As this target field became exhausted, the criminals had shifted, probably reluctantly, to less profitable home users. Today, the waxing and waning of CryptoLocker corresponded to activity on botnets used to distribute it, such as Cutwail.

According to Dell, its creators were almost certainly seasoned in malware campaigns that appear to have made sound design decisions that complicate efforts to mitigate this threat and have demonstrated a capable distribution system based on the Cutwail and Gameover Zeus botnets.”

Via: infoworld

When You Compose a Tweet, Photos Now Come First

A small Twitter update is sending a strong message regarding how the company expects users to tweet moving forward.

A change to Twitter’s iOS app on Monday automatically surfaces the user’s photo gallery instead of a keyboard when the user begins to compose a tweet. If a user does not want to include a photo, she can tap on the blank text box and the photo gallery will be replaced with the traditional keyboard.

This change is now the default for users that open a new tweet within the mobile app; users cannot change the default back to a keyboard at this time, according to a Twitter spokesperson.

Sharing photos just got easier on your iPhone – now it takes just one tap to select from your photo gallery. pic.twitter.com/Wj0m2CIrk6

— Twitter Mobile (@twittermobile) December 23, 2013

The change is a small one, but continues to prove the importance of photos to the social media company. With the success of apps that place a strong focus on photos, like Snapchat and Instagram, Twitter’s subtle change is a reminder that the company wants users to continue sharing photos, first and foremost.

How Azure helps Microsoft take down cyber criminals

In mid-November, Microsoft unveiled a facility on its Redmond, Wash., campus that had become the new home for its Digital Crimes Unit. It took the opportunity to offer up new details about the multi-agency initiative that disrupted the huge Citadel botnet earlier this year. What Microsoft hasn’t yet talked much about is the role the cloud played in the Citadel project and how the cloud enables the company to tackle cyber crime. I had a chance to hear more about it from Richard Boscovich, assistant general counsel for Microsoft’s Digital Crimes Unit, this week. The Digital Crimes Unit has some dedicated hardware on-premises, although Boscovich revealed only a few specifics. “We do in fact use quite a lot of storage power, a lot of compute power,” he said. “We have a Hadoop cluster on SQL server and a parallel data warehouse right here on-premises. We’re talking terabytes of storage.” Still, that’s not always enough. “Even with that, we have to go to the cloud to get some more capacity when we do some of these take downs,” he said. “One interesting aspect of being able to scale in the cloud is you’re able to provision computers or virtual servers quickly, without the need of having hardware here in the DCU. We leveraged that ability of scalability in the recent takedown of Citadel,” he said. That kind of scalability also helps with the increased traffic that Microsoft sees after a takedown, when cyber criminals attack Microsoft for disrupting their activity. Without the cloud, it would have taken much longer to disrupt Citadel, a botnet that Microsoft said siphoned $500 million from people around the world whose computers it infected. “In the past, we would have been between a rock and a hard place,” said Boscovich, who went on to describe the typical, drawn-out process that most businesses have to procure new hardware. “That would of course slow us down,” he said. “The cloud saves us a lot of time and makes us much more nimble and able to move much faster.” The DCU uses Azure in other ways too. Microsoft works with authorities around the world to inform them when computers in their regions are being infected. When Microsoft works on a takedown, its goal is to quickly stop the harm done by the malware and work to correct the problem, Boscovich said. Microsoft collects the IP addresses of infected computers and geolocates them. If it has a partnership with authorities in that region, it will notify them so that they can reach out to the impacted individuals. As the IP address data is being collected, it’s sent real-time to Azure, which Microsoft’s partners use to access the data. “They’re getting up to the minute – in actuality a 30-second delay – information about infected IPs that we see located within their countries,” he said. Given the sensitive nature of the DCU’s activities, its use of Azure shows that the cloud can be used for projects with strict security needs, he said. “Everyone’s moving to the cloud. The issue everybody has is, is it safe enough and scalable. This demonstrates and underscores that yes, we’re providing this important information around the world via Azure,” he said.   Via: itworld