Monthly Archives: January 2014

Target’s data breach MUCH bigger than first thought – now more than 100,000,000 records

US megaretailer Target is having a tough time of it.

Having said that, so are its customers – and even, as it now turns out, many of its non-customers, too.

Late in 2013, pretty much halfway between Black Friday and Christmas, Target realised it had been, well, the target of an enormous data theft.

As far as Target could tell, its breach wasn’t quite in the very top league, such as those of Adobe and Sony, both of whom had been plundered in the past to the tune of more than 100,000,000 records.

But the breach at Target was epic by any standards, with 40,000,000 payment card records sucked up by cybercriminals.

Early reports suggested that printed CVVs (the three digit codes that only ever appear in printed form on the back of your card) had been stolen along with card numbers, expiry dates and so forth. We were skeptical, as we explained in Episode 127 of the Chet Chat podcast, because the stolen records appeared to relate to in-store purchases, also known as card present transactions, where the CVV is not used. Target subsequently confirmed that these printed security codes were not stolen. That reduces the risk of fraudulent on-line purchases, because card not present transactions usually require the CVV.

Sadly, Target just got promoted to the top league.

The company has now joined the “hundred million plus” data breach club, following its discovery that a further 70,000,000 records were plundered in the raid:


As part of Target’s ongoing forensic investigation, it has been determined that certain guest information – separate from the payment card data previously disclosed – was taken from Target. This theft is not a new breach, but was uncovered as part of the ongoing investigation. At this time, the investigation has determined that the stolen information includes names, mailing addresses, phone numbers or email addresses for up to 70 million individuals.

From this, it seems reasonable to infer that the crooks who got into Target’s network enjoyed much wider rein than was obvious at first, penetrating more than one business system.

Presumably, from Target’s use of the words “guest information,” this additional data wasn’t related only to customers who actually purchased something from one of the company’s stores during the November-December 2013 timeframe, but also potentially to anyone who has ever interacted with Target in any way.

In other words, you may be at risk from this exposure even if you’ve never bought anything from Target.

In some ways, this second part of the breach is worse than the first, because it involves truly personal PII (personally identifiable information).

That’s because, for most people, getting a new credit card is actually much less disruptive, and considerably easier, than getting a new phone number or a new address.

And in case anyone was in any doubt whether a breach is bad for the company that gets breached, Target has the answer.

As well as presenting bad news to its customers and so-called “guests,” the company has had to publish an update to its fourth-quarter financial predictions.

Target is warning shareholders that EPS (earnings per share) will most likely end up at $1.20-$1.30, down from earlier predictions of $1.50-$1.60.

It is also warning of poorer-than-expected sales, despite upbeat performance until the original breach announcement:


This outlook anticipates a fourth quarter 2013 comparable sales decline of approximately (2.5)%, compared with prior guidance of approximately flat comparable sales. The updated sales expectation reflects:

* Stronger-than-expected fourth quarter sales prior to the Company’s December 19, 2013, announcement of a payment card data breach;

* Meaningfully weaker-than-expected sales since the announcement, which have shown improvement in the last several days, and;

* A comparable sales decline of (2)% to (6)% for the remainder of the quarter.

Target isn’t mincing its words: the breach has hit the company where it hurts.

Let’s hope that there aren’t any more databases that the crooks got into while they were targeting Target.


Via: nakedsecurity

France fines Google for failing to rewrite privacy policy

France’s privacy watchdog, CNIL, has fined Google €150,000 for failing to conform to local law regarding tracking and storing user information.

CNIL has led pressure from privacy watchdogs throughout the region to get Google to rewrite its controversial 2012 privacy policy to align with EU data protection law.

The latest version of Google’s privacy policy introduced the practice of combining personal data from Google’s various online services, including YouTube, Gmail and Google Search.

Privacy groups are concerned that personal data is being stored in the US, reducing the control that European citizens have over their personal information.

These concerns have increased in the wake of claims by whistleblower Edward Snowden that US intelligence services have access to material stored in US-based cloud services.

In July 2013, the UK’s privacy watchdog joined data protection authorities in France, Spain, Germany, Italy and the Netherlands in demanding changes to Google’s privacy policy.

An investigation by the Information Commissioner’s Office (ICO) found that Google’s privacy policy raises serious questions about its compliance with the UK Data Protection Act.

EU recommendations

In February 2013, CNIL warned that Google could face a coordinated “repressive action” if it failed to comply with EU recommendations.

A set of 12 recommendations was adopted by 27 national regulators in October 2012 after a CNIL-led investigation into Google’s data collection practices.

The EU investigation began in March 2012, when Google started combining data from across its sites to better target advertising, which regulators see as “high-risk” to users’ privacy.

The new policy was implemented after the company combined 60 separate privacy policies into a single agreement, which raised privacy concerns on both sides of the Atlantic.

Google maintains that its privacy practices respect European laws.

“We have engaged fully with the authorities involved through this process, and we’ll continue to do so going forward,” it said in a statement.

Google fined for failure to comply

After Google failed to respond to the EU recommendations, CNIL issued a three-month deadline, which has now expired.

CNIL had demanded that Google specify what it is using personal data for, and how long it is held. It also wanted Google to let users opt out of having their data stored in a single location.

CNIL issued the fine for failure to comply and ordered Google to post the decision on its google.fr homepage for 48 hours within eight days of being officially notified of the ruling.

“The company does not sufficiently inform its users of the conditions in which their personal data are processed, nor of the purposes of this processing,” CNIL said in a statement.

A Google France spokesman told Reuters the company will take note of this decision and consider further action.

“Throughout our talks with CNIL, we have explained our privacy policy and how it allows us to create simpler and more efficient services,” he said.

Google could now face similar fines from other European countries unhappy about its privacy policy, but commentators point out the fines are small compared with Google’s earnings.

Although Spain could impose a fine of up to €1m or $1.4m, even this is small in comparison with the $10.7bn net profit that Google earned in 2012.


Via: computerweekly

Network-based security tops European agenda for 2014

The top security initiatives for European companies in 2014 will be data loss prevention, mobile and network-based security, and identity and access management, according to research by TechTarget and Computer Weekly.

According to a poll of more than 900 IT businesses across Europe, each of these will be implemented by around a third of companies.

However, the trends come as no surprise – the number of embarrassing high-profile data breaches continues to grow on a regular basis.

Close behind these initiatives are threat detection (27%), vulnerability management (26%) and virtualization security (24%).

UK trends

In the UK, mobile security is the top initiative by 40% of UK respondents, followed by identity and access management (38%) and network security (35%).

The UK also tracks higher than the European average on the question of implementing mobile security at 30% compared with 22% across the region.

The UK is also above the regional average when it comes to mobile device management at 40%, compared with 30%.

But overall these security priorities very closely track the top broad initiatives by European businesses for 2014 of mobility (36%), consolidation (34%) and virtualization (34%).

Changing priorities

It is interesting to note that compliance has dropped from top position (29%) in 2013 to eighth position at 17%, possibly indicating an effort to improve security in real terms instead of achieving compliance.

Security initiatives also track the most high-profile projects for 2014, topped by server virtualisation (51%), which is in line with the goals of maintaining (14%) or reducing (12%) IT spend.

Virtualization is followed by smartphones (40%), mobility (37%), backup for virtual servers (36%), network management and monitoring (36%), network-based security (35%), identity and access management (33%), mobile endpoint security (32%), and data loss prevention (32%).

Although among the top projects for 2014, encryption and threat detection are relatively low down on the list, with just 28% of respondents planning projects in these areas.

Similarly, 27% of respondents said they would implement threat-detection initiatives in the coming year, with 24% for encryption.

While the security industry is moving to intelligence-led systems, investment in this area remains relatively low, with just 23% planning to implement security data-management analysis.

While attackers are moving up the software stack from operating systems to applications, companies appear to be slow in tracking this development with just 20% investing in application-based security.

And despite ongoing concerns about security in the cloud, just 21% of respondents said they plan to implement cloud security, compared with 31% predicting budget increases for cloud computing.

Implementing cloud technology

A quarter of respondents said their companies plan to implement private cloud initiatives in 2014, while 22% plan to invest in external cloud projects.

The relatively low investment in cloud security is inconsistent with the survey results, which reveal that protecting data loss is second only to regulatory compliance as a concern about cloud.

Few companies are planning to use cloud computing for security-related services, the survey revealed.

Just 20% of respondents plan to use cloud-based disaster recovery and business continuity services compared with 48% planning to use infrastructure services, followed by storage (39%).

Security as a service

Similarly, just 8% across Europe and 10% in the UK plan to use security as a service (SaaS), compared with 44% planning to use software as a service in Europe and 46% in the UK.

Interestingly, the proportion of companies that plan to use SaaS is down from 14% across Europe in 2013 and 16% in the UK.

With IT departments focusing on maintaining or reducing IT spend, helping the business automate and expand support to business, top projects for 2014 are in virtualization, mobility and network optimization.

Security priorities are based on those goals and projects, with a heavy emphasis on virtualization and mobile security.

However, businesses cannot afford to ignore perennial cyber threats, so it comes as no surprise that data loss prevention, encryption, threat detection and vulnerability management are fairly high among IT security priorities for 2014.


Via: computerweekly

Cybercrooks developing dangerous new file-encrypting ransomware

The new threat from PowerLocker might be even more difficult to remove than CryptoLocker, which plagued users in recent months.

A team of malware developers is preparing to sell a new ransomware program that encrypts files on infected computers and asks victims for money to recover them, according to a volunteer group of security researchers who tracked the development of the threat on underground forums in recent weeks.

The new malware is called PowerLocker and its development was most likely inspired by the success of the CryptoLocker ransomware Trojan program, which has infected more than 250,000 computers since September.

Like CryptoLocker, PowerLocker allegedly uses strong encryption that prevents users from recovering files unless they pay or have backups. However, it’s also more sophisticated and potentially more dangerous because its developers reportedly intend to sell it to other cybercriminals.

Malware Must Die (MMD), a group of security researchers dedicated to fighting cybercrime, spotted a post on an underground forum at the end of November in which a malware writer announced a new ransomware project. That project, initially under the name Prison Locker, later became PowerLocker.

MMD researchers tracked the development of the threat and decided to make the information they gathered public on Friday out of concern that, if completed and released, the new ransomware program could cause a lot of damage. The group published a blog post with screen shots of several underground forum messages describing the malware’s alleged features at various stages of completion, as well as its planned price.

Based on a progress report by the malware’s main developer — a user with the online identity “gyx” — PowerLocker consists of a single file that’s dropped in the Windows temporary folder. Once run on a computer for the first time, it begins encrypting all user files stored on local drives and network shares, except for executable and system files.

Every file is encrypted using the Blowfish algorithm with a unique key. Those keys are then encrypted with a 2048-bit RSA key that’s part of a public-private key pair unique for every computer. The computer owners will have the public keys, but won’t have the corresponding private RSA keys needed to decrypt the Blowfish keys.

This is similar to how CryptoLocker’s encryption scheme is implemented, but PowerLocker goes even further. Once the encryption stage is done, it disables the Windows and Escape keys and prevents a number of other useful utilities like taskmgr.exe, regedit.exe, cmd.exe, explorer.exe and msconfig.exe from being used.

It then uses the functionality in Windows to create a secondary desktop and displays the ransom message there. The malware checks every few milliseconds to see whether the new desktop is the active one and prevents users from switching away from it, making the Alt+Tab keyboard shortcut and applications running on the primary desktop irrelevant.

The malware is also capable of detecting whether it’s run in virtual machines, sandboxes or debugging environments, a feature designed to prevent security researchers from analyzing it using their usual tools.

The advertised malware program, if real, definitely adds extra layers of sophistication to a family of threats that’s already difficult to combat, said Bogdan Botezatu, a senior e-threat analyst at antivirus firm Bitdefender, Monday via email. “From the malware’s description, it looks like its creator has blended CryptoLocker with the FBI ransomware [ransomware impersonating the FBI and other law enforcement agencies] to create a two-layer lock: the desktop lock and the file encryption.”

Another important difference between CryptoLocker and PowerLocker is that the new threat is supposed to be sold as a crimepack to other cybercriminals.

“While CryptoLocker was tailor-made for a select group of individuals, the PowerLocker as they call it is a tool that would be available for purchase, thus making any script-kiddie a potential attacker,” he said. “If it is real, we expect it to hit really hard.”

According to the underground forum messages shared by MMD, the PowerLocker author has partnered with another developer to create the malware’s command-and-control panel and the graphical user interface and is very close to completing them. The developers plan to sell the malware for US$100 in Bitcoins per initial build and $25 per rebuild, which is a very accessible price for cybercriminals.

“Besides the fact that this is a crimepack, it also adds extra features such as locking the user outside of the box, thus taking the machine out of production completely,” Botezatu said. If it goes viral, it could cause serious problems to mission critical systems like hospital computers, he said.

Botezatu expects other similar malware programs to be developed and used this year.

“Trojans like GPcode have set the standard for commercial ransomware, while the ROI [return on investment] rates of the FBI Trojan and CryptoLocker have probably incentivized other cybercriminal groups into joining the ransomware pack,” he said. “Ransomware is easy money and that’s what cybercriminals are after.”

Most malware today is distributed through exploits for vulnerabilities in popular software programs like Java, Flash Player and others, so it is very important to keep all applications up-to-date to prevent infection with ransomware and other threats.

Backing up important data regularly is essential to recovering files in case of infection if users are to avoid paying money to cybercriminals. However, backups should not be stored on the same computer or on network shares to which the computer has write access, because the malware could damage the backups as well.
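The backup advice above has two parts: keep the copy somewhere the infected machine cannot write, and be able to tell whether the copy was damaged anyway. The script below is an added example (not code from the article or from any vendor it quotes) that illustrates the second part with an integrity manifest: it snapshots a directory, records a SHA-256 digest per file, and later reports any backup file that went missing or changed. It also includes a small check for whether the destination is still writable from the running host, which is the condition the article warns about. Paths, file names and contents are constructed for the demo; the manifest is meant to be kept off the protected machine, which is an operational assumption and not something the script enforces.

```python
"""Backup snapshot with an out-of-band integrity manifest (added example).

Per-file SHA-256 digests are returned to the caller so they can be stored
away from the machine being backed up. verify_backup() then reports any
backup copy that was altered or removed, which is the failure mode the
article describes: a backup the infected computer can reach may be
encrypted or deleted along with the originals.
"""
import hashlib
import os
import shutil
import tempfile


def sha256_file(path: str, chunk_size: int = 1 << 16) -> str:
    """Return the hex SHA-256 digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot_with_manifest(src_dir: str, dest_dir: str) -> dict:
    """Copy every regular file under src_dir into dest_dir, preserving the
    relative layout, and return {relative_path: sha256} for the copies."""
    manifest = {}
    for root, _dirs, files in os.walk(src_dir):
        for name in files:
            src_path = os.path.join(root, name)
            rel = os.path.relpath(src_path, src_dir)
            dst_path = os.path.join(dest_dir, rel)
            os.makedirs(os.path.dirname(dst_path), exist_ok=True)
            shutil.copy2(src_path, dst_path)
            manifest[rel] = sha256_file(dst_path)
    return manifest


def verify_backup(dest_dir: str, manifest: dict) -> list:
    """Return the relative paths whose backup copy is missing or whose
    SHA-256 no longer matches the manifest. An empty list means intact."""
    damaged = []
    for rel, expected in sorted(manifest.items()):
        path = os.path.join(dest_dir, rel)
        if not os.path.isfile(path) or sha256_file(path) != expected:
            damaged.append(rel)
    return damaged


def reachable_for_writing(path: str) -> bool:
    """True if the current process can still write to path. A backup
    destination that stays writable from the protected host is exactly
    the kind the article says malware could damage."""
    return os.access(path, os.W_OK)


def demo() -> list:
    """Constructed scenario: back up two files, then simulate the backup
    copy of one of them being overwritten with random bytes, and return
    what verify_backup() reports."""
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "documents")
        dst = os.path.join(work, "backup")
        os.makedirs(os.path.join(src, "reports"))
        with open(os.path.join(src, "notes.txt"), "w") as fh:
            fh.write("quarterly notes\n")
        with open(os.path.join(src, "reports", "q4.csv"), "w") as fh:
            fh.write("region,sales\nnorth,42\n")
        manifest = snapshot_with_manifest(src, dst)
        assert verify_backup(dst, manifest) == []  # fresh copy is intact
        # Simulate damage to the backup copy of one file.
        with open(os.path.join(dst, "reports", "q4.csv"), "wb") as fh:
            fh.write(os.urandom(64))
        return verify_backup(dst, manifest)


if __name__ == "__main__":
    print("files flagged by the manifest after simulated damage:", demo())
```

The manifest only helps if it is kept somewhere the backed-up host cannot alter (printed, on removable media, or on a server that pulls from the host rather than accepting pushes from it); if `reachable_for_writing()` returns True for the backup destination after the job finishes, the copy is in reach of anything running on that host.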

Via: infoworld

Intel announces death of McAfee brand

In future the security products will be available under a new Intel Security name.

Three and a half years after Intel acquired McAfee, the chip giant looks set to ditch the famous brand that still bears the name of its fabled founder, John McAfee.

Intel CEO Brian Krzanich broke the news almost in passing during a presentation at CES 2014 in Las Vegas, explaining that in future the consumer products would come under a new Intel Security name.

There is some confusion about which consumer and business products will come under the Intel Security wing immediately, but the transition would take up to a year and apply to new products as they arrived, the firm later confirmed.

The distinctive if not always loved red McAfee shield will remain in place for the time being.

The decision is not entirely unexpected despite the fact that it has taken Intel longer than normal after the acquisition to resolve to drop what remains one of the two or three most famous security brands in existence. Intel is banking that attaching its own brand to the word “security” will more than offset any loss in recognition.

McAfee cost Intel $7.68 billion (at the time around £5 billion) in August 2010, still a record price for a pure security firm so it might feel it has the right to impose its own identity.

Despite being founded as long ago as 1987, those with longer memories will recall that this is not the first disappearance of the McAfee brand. During the merger-crazy 1990s, it was subsumed for a few years inside Network Associates, a move that was eventually reversed in 2004 during a de-merger.

Not everyone is convinced that the latest brand-killing exercise is a good idea. According to Graham Cluley (once of rival Sophos but now an independent commentator), “it’s a complete and utter mystery why Intel would want to get rid of one of the most famous and familiar names in the world of anti-virus.”

And, as Cluley hints, ridding the public consciousness of the McAfee name might be harder to achieve than Intel thinks with the world-famous antics of its original founder John McAfee plastered all over the Internet.

“I am now everlastingly grateful to Intel for freeing me from this terrible association with the worst software on the planet. These are not my words, but the words of millions of irate users. My elation at Intel’s decision is beyond words,” McAfee told the BBC.

It could be that McAfee’s notoriety since his bizarre escape from Belize in 2012 after the death of a neighbor is one of the reasons Intel decided to drop his name in the first place.

“This wasn’t hard to predict after some of John’s stunts,” tweeted another security notable, F-Secure chief research officer, Mikko Hypponen.

But his fame — and continued fame — could turn into a constant and niggling reminder of the brand.

McAfee’s point is well made. McAfee anti-virus is world famous but not always world-loved. Nobody blames microprocessors when their PC crashes or runs slower than expected but now they will have a software product with a new name on it — Intel — to point the finger at when things go awry.

Via: infoworld

Low-tech crooks robbing gas stations with aluminum foil

Criminals in five states are using a rather creative method to spend money on stolen credit cards.


This recently caught my attention. According to the FBI, members of African criminal enterprises in Indiana, Kentucky, Ohio, Pennsylvania, and West Virginia have come up with a creative way to use stolen credit cards, and it revolves around aluminum foil.

From the FBI wire feed:

Members of African criminal enterprises are wrapping the foil around “feed horns” – the part of a satellite that captures and transmits the signal. The foil blocks the signal, interfering with credit card authorization systems. The criminals then use stolen credit cards to buy cigarettes and high value electronics. Stores commonly accept credit card transactions without validations.

What is a feed horn? It’s this thing:


Now, unless you follow the crime beat, you might be missing some context and wondering what the FBI means when they talk about African criminal enterprises.

African criminal enterprises have been developing in the U.S. since the late 1980s. They’ve been known to take on some low-level crimes from time to time, but their real trade is drugs, primarily heroin and cocaine. You’ll know them best from their financial crimes, though.

From their Department of Justice profile:

“Nigerian groups are famous globally for their financial frauds, which cost the U.S. alone an estimated $1 billion to $2 billion each year… Here’s just a partial list of their fraudulent activities: insurance fraud involving auto accidents; healthcare billing scams; life insurance schemes; bank, check, and credit card fraud; advance-fee schemes known as 4-1-9 letters; and document fraud to develop false identities. The advent of the Internet and e-mail have made their crimes more profitable and prevalent.”

So the thieves cover the feed horn, and then they go in and purchase whatever they can. The trick in this scam is to target smaller stores. So they’re hitting mom and pop locations, gas stations, and out of the way retail locations. The feed horns are usually on the roof, but that can be accessed rather easily, and the crews are said to be working in teams. However, sometimes the feed horns are on the side of the store wall, making them easier to access.

“When they [the store owners] remove the blocker on the roof, they realize that it was a scam, and that credit card is never validated and the people have walked out the door with the merchandise and it’s not been paid for,” commented Supervisory Special Agent Vicki Anderson in an interview on FBI This Week.

“If you’re a small business owner, you need to be aware if your credit card system is down and someone is purchasing something, you need to make sure that it’s really down and it’s not something that’s blocking your system.”

The stolen goods are transported to various locations, most notably New York, where they are pawned or sold for quick profit. Some items are shipped back to Africa. The object is to purchase smaller, easily sold or exchanged items.

So, the question then, why would a shop owner process credit card transactions without authorization? Because sometimes batch processing is slow, and if there is a decent enough volume, it can take time. So rather than risk a sale, the store will finish the transaction anyway. It’s a known risk, one the shop owner assumes.

There’s another aspect to this as well: the locations being targeted are in states where people are more trusting and friendly, a trait that scammers love to take advantage of.

Via: csoonline

Supplier’s security incident triggers breach notifications for T-Mobile customers

T-Mobile says that unauthorized access to a file stored on a supplier’s server might have exposed personal information.


According to a letter template published by the California Attorney General, T-Mobile is gearing up to send an unknown number of notification letters this month, after a file stored on a server maintained by one of their suppliers was accessed improperly.

From the letter:

“We are writing to inform you of a recent incident of unauthorized access to a file stored on servers owned and managed by a T-Mobile supplier. This file contained personal information, including name, address, Social Security number and/or Driver’s License number…

“Although we believe the primary goal of the access was to obtain credit card numbers (which were not included in the file), the information that was accessible could also potentially be misused. Our supplier has taken immediate measures to secure the impacted servers…”

T-Mobile is planning to offer customers identity theft insurance for up to one year due to the incident. Experian will handle the details.

The letter does a good job of notifying the customer that something happened, but it also raises a few concerns. Who was the supplier? Why did they collect such personal information? How was it being stored? The letter mentions a file, so was this a single Excel spreadsheet, or a database?

T-Mobile says the supplier detected the breach on November 26, 2013, but doesn’t explain why customers are just now being told. There’s also the question of scale. How many customers were impacted by the incident? Where are they located?

I’ve reached out to T-Mobile to see if they’ll share additional data. In the meantime, if you’re a T-Mobile customer impacted by this incident, you’ll be getting a letter from the company sometime soon.

Via: csoonline

More Microsoft exec departures mark end of a Windows era

With Jon DeVaan and Grant George officially retired and most of rest of Windows 8 team out to pasture, Microsoft silently acknowledges complete lack of faith in Windows 8.

Two of the people who saved Windows — Jon DeVaan and Grant George, who delivered Windows 7 from the jaws of Windows infamy — left the company earlier this week. Two more — Julie Larson-Green and Jensen Harris — whom many blame, er, “credit” with the Office ribbon and Windows tinker toy tiles, have found new homes buried deep in corporate nowhere land. Former Windows chief Steve Sinofsky jumped ship more than a year ago, probably because he was denied Ballmer’s CEO brass ring. And Antoine Leblond of the original Office 95-2007/Windows 7-8 inner circle remains missing in action.

These departures/transfers not only solidify a complete housecleaning of the Windows effort, they mark the end of a “monolithic Windows” era. It’s becoming clear that future versions of the Win7 desktop may get a nip here and a tuck there, but massive improvements aren’t likely. More important, the breakup of the old crew sends as clear a sign as any that the powers-that-be at Microsoft realize Windows 8 screwed up big time: The whole management team responsible for Windows 8 has just hung out the “gone fishing” sign.

It’s a pity, in many ways.

Microsoft has raised many great, legendary software engineers, and I for one would put DeVaan at the head of the list, up there with Charles Simonyi, the developer uber-guru who hired DeVaan. From DeVaan’s early days working on Excel 1.0, through Office 2000, on to “the 10-foot interface” and before-its-time UltimateTV, the Gates-driven Engineering Excellence effort, then replacing the mythical Brian Valentine as head of Windows development in 2006, shipping Vista SP1, Win7, Win8, and Win8.1, DeVaan has spent 30 years defining and refining big-project software engineering, school of hard knocks style. He’s also very quiet … and (as I learned many years ago in Las Vegas) he drives a mean simulated Harley. Fittingly, DeVaan announced his retirement on his personal Facebook page.

DeVaan was Sinofsky’s boss for many years. Most telling is this reminiscence from Sinofsky, as told in GeekWire:

Back in the early 1990s the use of garbage collection was more theoretical than practical (it is used broadly today in .Net and scripting languages), but I was really into it having just come from graduate school (the theoretical). I went to see Jon to convince him of the virtues of using GC in Excel as we explored using it in our first C++ tools. He was open-minded and then patiently showed me the tiny number of bugs in Excel that were rooted in memory management problems and also showed me just how memory efficient Excel was all due to the amazing coding and engineering the team did. At once I learned the limits of theory, the pragmatic engineering Jon exhibited, as well as his patience and openness to new ideas from a ‘new guy.’

Don’t feel too bad for DeVaan. He sold 307,200 shares of Microsoft stock on April 21, netting $7.8 million. At the time, he still had 549,986 shares left, worth more than $20 million. With his experience, skill set, and street cred, he has a whole lot of future to look forward to.

George is, if anything, even more reticent than DeVaan. Although he’s often pegged as “the guy in charge of Windows testing” — and Office testing before that — the description doesn’t do him justice. George championed a very different collaborative and automated approach to testing and QA that’s since been mimicked by many other organizations: He developed, in effect, a metatesting regimen that advanced the art. He and his teams break things, and break them good. Few people realize that Microsoft hires almost as many testers as they do software engineers. Under George’s tutelage, testers at Microsoft are coders — period.

George is also at the heart (you might call him the ultimate consumer) of Microsoft’s infamous telemetry data. A report in 2009 — one of George’s few published efforts that reached the general public — describes how he and his teams tested to maximize application backward compatibility in Windows 7, relying in no small part on telemetry. Another report, also from 2009, talked about device support and testing in Win7.

Five years ago, Microsoft Press published a book entitled “How We Test Software at Microsoft,” by Alan Page, Ken Johnston, and Bj Rollison. Here’s a quote from George, included in that book, that speaks volumes about his mindset:

Tester DNA has to include a natural ability to do systems level thinking, skills in problem decomposition, a passion for quality, and a love of finding out how something works and then how to break it. … Now that is what makes up a tester that makes them different from a developer. The way we combine that DNA with engineering skills is by testing software. The name we choose should reflect this but also be attractive to the engineers we want to hire. Something that shows we use development skills to drive testing.

Sinofsky, DeVaan, and George as a team go all the way back to Office 95. Sinofsky left a year ago. As of Jan. 1, both DeVaan and George have left the building — er, campus.

There’s been speculation online about how DeVaan and George were “forced out,” but that’s a crude and facile comment. Claiming the departures had anything to do with “Terry Myerson’s wrath” shows a distinct lack of understanding about the situation. I’ve seen no indication that Myerson’s upset with DeVaan or George (although Sinofsky’s another story altogether). Mostly, the departure of the two veterans reflects a major shift in the direction Windows will take. DeVaan and George have the experience to make the old monolithic Windows hum, but Myerson’s whistling a different tune.

Except for one holdout, all of the old Office/Windows inner circle has publicly left the Windows 8 happy hunting ground:

  • Julie Larson-Green, of ribbon and tile fame, left Windows in the July reorg, landing as head of the newly formed Devices and Studio Engineering group, which at the time included “all hardware development and supply chain from the smallest to the largest devices we build … studios experiences including all games, music, video, and other entertainment.” Sometime in the next few months, though, Stephen Elop is coming home to roost in the Devices niche, bringing Nokia’s mobile business — and 32,000 or so employees — along with him. It isn’t at all clear at this point how Elop’s devices match up with Larson-Green’s devices, although his (possibly apocryphal) reported willingness to cut Xbox loose certainly didn’t win him any friends among the other “devices” side of the family.
  • Jensen Harris, who deserves much of the “credit” for new user interface design in Office and Windows 8, formally left the Windows group last month to join the Bing team. Although I tend to think of Bing as being located organizationally somewhat north of eastern Siberia, I have to keep reminding myself that Satya Nadella — a current long-shot contender for the Microsoft CEO crown — left Bing less than three years ago. Another sign of the times: Almost a month after his transfer, Harris’s personal blog still lists him in his old Windows position.
  • Tami Reller, marketing and finance honcho on the Windows team, has gone on to much more ambitious pursuits. In July she was named the new executive VP of marketing for all of Microsoft.
  • Michael Angiulo, who also arrived as a Friend of Sinofsky (FOS) from the Office team, made his mark on the Windows 8 release by leading an animated presentation at last year’s Build conference and the Windows 8 launch. He was in charge of bringing Win8 religion to the OEM masses, as well as overseeing the Surface effort. With OEMs dissing Win8 openly and the Surface falling with a thud, he hasn’t had a good year. At last report, per his LinkedIn site, he’s corporate VP of Xbox hardware, apparently reporting to Larson-Green.

Two more key members of the Windows 8 management team face severe career changes in short order. Neither made it into the Win8 limelight through the FOS/Office vector, but they’re both tarred — rightly or wrongly — with the Windows 8 brush.

  • Chris Jones was in charge of Windows Live — which is now dead — as well as Hotmail, SkyDrive, and Messenger, all of which are in various stages of molting. He was the sole managerial holdover from the Vista team that remained at the start of the Sinofsky era. Right now, it’s unclear how (or if) he’ll participate in the next versions of Windows.
  • As head of the Internet Explorer team, Dean Hachamovitch contributed to the Windows 8 effort, but he was always viewed as something of an outsider — which isn’t necessarily bad. In November, Hachamovitch announced he was headed to greener pastures, but details about his next stint at “something new” inside Microsoft have never been fleshed out. We’ll certainly see more of him, in a different role, in the future.

That leaves the holdout:

  • Where in the world is Antoine Leblond? He took over when Sinofsky left the Office effort, and shipped Office 2010. Then he jumped to the Windows group, FOS in 2010, and was given the dubious honor of keeping Windows Update and other Windows Web services running. Bloomberg’s Dina Bass reported in September that he had been switched over to “lining up applications for Windows 8,” a thankless task if ever there was one. Of course, Windows chief Terry Myerson knows all about WinRT apps, and as best I can tell he’s not said a word about Leblond in the new Windows organization. That’s too bad, because as much as many of us enjoy sniping at Leblond’s blog posts, he’s been a refreshingly straightforward spokesperson for Microsoft all through the Windows 7 and Windows 8 years.

Looking back on all of the recent shifts, I’m struck by four observations.

First, the lack of a Microsoft CEO heir (or at least the public announcement of an heir) hasn’t ground Myerson to a halt. He’s clearly moving ahead with his vision of where Windows should go.

Second, the anticipated triumvirate of new Windows versions may be disappointing for Windows desktop users. We don’t know for sure, but it looks like Microsoft will deliver a “modern” Metro (perhaps “Mod”?) version of Windows aimed for phones and tablets, a “consumer” version that may or may not look like Windows 8.1, and a “traditional” old fogey’s version of the desktop. With the old Windows management team gone, it’s going to be difficult bringing significant new features to the old fogey’s version — although the Windows Server folks may surprise us.

Third, many long-time Windows developers must be looking for greener pastures. That may not be bad, as Myerson clearly has a very different vision for Windows’ future.

Fourth — this is the point that strikes me hardest — the wholesale dismemberment of the Windows 8/8.1 management team says in no uncertain terms that the higher-ups at Microsoft, whoever they may be, are extremely disappointed with Windows 8.

I, for one, find that conclusion refreshing.

Via: infoworld

Blizzard Customer Support warns of dangerous Trojan

Blizzard Customer Support Agent Jurannok has taken to the forums to warn players of a dangerous Trojan — a virus that can enter players’ accounts even if they have an authenticator.

Jurannok

Hello,

We’ve been receiving reports regarding a dangerous Trojan that is being used to compromise players’ accounts even if they are using an authenticator for protection. The Trojan acts in real time to do this by stealing both your account information and the authenticator password at the time you enter them.

If your account has been compromised recently, I’d recommend looking for the Trojan. It can be identified by creating an MSInfo file and then looking in the Startup Program section of that file for either “Disker” or “Disker64”. It will usually appear like this:

Disker rundll32.exe c:\users\name\appdata\local\temp\w_win.dll,dw Name-PC\Name Startup
Disker64 rundll32.exe c:\users\name\appdata\local\temp\w_64.dll,dw Name-PC\Name Startup

source

Jurannok

We are currently looking for more information on the Trojan. We have not been able to locate any anti-virus programs that will remove it besides just reformatting your system. If you have been recently compromised and find it on your system please reply with the following pieces of information.

  • Your MSInfo.
  • A list of any addons you recently installed along with where you got them.
  • A list of any programs you recently installed along with where you got them.
  • Any security programs you have run and their results.

source
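The identification step in the first post (look in the Startup Programs section of an MSInfo file for Disker or Disker64 pointing rundll32.exe at a DLL under the user’s temp folder) can be automated over an exported report. The script below is an added example, not code from Blizzard or the forum post. It assumes the report is the plain-text form written by msinfo32 /report, where the [Startup Programs] section has tab-separated Program, Command, User Name and Location columns; the sample report is constructed to match the two lines quoted above plus one benign entry, and the temp-folder heuristic is an addition that also catches a renamed entry.

```python
"""Flag the "Disker" startup entries from an msinfo32 text report.

Added example, not Blizzard's code. Assumes the tab-separated
[Startup Programs] layout of `msinfo32 /report`; the sample report
below is constructed.
"""
import re
from dataclasses import dataclass

# Startup entry names quoted in the forum post.
KNOWN_NAMES = {"disker", "disker64"}

# Added heuristic (not from the post): rundll32 being pointed at a DLL
# inside the user's local temp folder is unusual for a legitimate
# startup item, so flag it even if the entry name has been changed.
TEMP_DLL_RE = re.compile(
    r"rundll32(?:\.exe)?\s+.*\\appdata\\local\\temp\\[^\\]+\.dll",
    re.IGNORECASE,
)


@dataclass
class StartupEntry:
    program: str
    command: str
    user: str
    location: str


def parse_startup_section(report: str) -> list[StartupEntry]:
    """Return the rows of the [Startup Programs] section, skipping the header row."""
    entries: list[StartupEntry] = []
    in_section = False
    for line in report.splitlines():
        if line.startswith("["):
            in_section = line.strip().lower() == "[startup programs]"
            continue
        if not in_section or not line.strip():
            continue
        fields = [f.strip() for f in line.split("\t")]
        if len(fields) < 4 or fields[0].lower() == "program":
            continue
        entries.append(StartupEntry(*fields[:4]))
    return entries


def classify(entry: StartupEntry) -> list[str]:
    """Return the reasons an entry looks like the Trojan (empty list if clean)."""
    reasons = []
    if entry.program.lower() in KNOWN_NAMES:
        reasons.append("startup name matches the Disker indicator")
    if TEMP_DLL_RE.search(entry.command):
        reasons.append("rundll32 loads a DLL from the user's temp folder")
    return reasons


def find_suspicious(report: str) -> list[tuple[StartupEntry, list[str]]]:
    """Pair each suspicious startup entry with the reasons it was flagged."""
    flagged = []
    for entry in parse_startup_section(report):
        reasons = classify(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


# Constructed sample report (not a real capture): the two lines quoted
# in the post plus one benign entry.
SAMPLE_REPORT = (
    "[System Summary]\n"
    "Item\tValue\n"
    "OS Name\tMicrosoft Windows 7 Professional\n"
    "\n"
    "[Startup Programs]\n"
    "Program\tCommand\tUser Name\tLocation\n"
    "Disker\trundll32.exe c:\\users\\name\\appdata\\local\\temp\\w_win.dll,dw"
    "\tName-PC\\Name\tStartup\n"
    "Disker64\trundll32.exe c:\\users\\name\\appdata\\local\\temp\\w_64.dll,dw"
    "\tName-PC\\Name\tStartup\n"
    "ExampleUpdater\t\"c:\\program files\\example\\updater.exe\" /background"
    "\tName-PC\\Name\tStartup\n"
)

if __name__ == "__main__":
    for entry, reasons in find_suspicious(SAMPLE_REPORT):
        print(f"{entry.program}: {entry.command}")
        for reason in reasons:
            print(f"    - {reason}")
```

Run it against a real export by reading the report file into find_suspicious instead of SAMPLE_REPORT. The name check alone would miss a renamed entry, which is why the temp-folder rule is there; a hit on either rule is a reason to pull the MSInfo and the recently installed add-ons and programs, as the post asks.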

Support Forum Agent Kaltonis has also confirmed that this applies to both mobile and key fob authenticators, and that there is not yet a way to spot it before it goes live. In the meantime, if your account has recently been compromised, look for the Trojan. And if you should discover it, exercise extreme caution.

As Jurannok says, they haven’t yet found an anti-virus program that will remove it. And, of course, a trojan such as this could compromise your online security in many other ways outside your WoW account. In the meantime, do your best to stick to the account security advice given by Blizzard. It can’t hurt.

There is not currently any advice from Blizzard on what to do about it, with the exception of the note that the only way they have found to remove it is to re-format your system.

Via: joystiq

New CryptoLocker Spreads via Removable Drives

Trend Micro recently came across a CryptoLocker variant that had one notable feature—it has propagation routines.

Analysis of the malware, detected as WORM_CRILOCK.A, shows that this malware can spread via removable drives. This update is considered significant because this routine was unheard of in other CRILOCK variants. The addition of propagation routines means that the malware can easily spread, unlike other known CRILOCK variants.

Aside from its propagation technique, the new malware bears numerous differences from known CryptoLocker variants. Rather than relying on a downloader malware—often UPATRE—to infect systems, this malware pretends to be an activator for various software such as Adobe Photoshop and Microsoft Office on peer-to-peer (P2P) file sharing sites. Uploading the malware to P2P sites allows bad guys to easily infect systems without the need to create (and send) spammed messages.

Further analysis of WORM_CRILOCK reveals that it has a stark difference compared to previous variants. The malware has foregone the use of a domain generation algorithm (DGA). Instead, its command-and-control (C&C) servers are hardcoded into the malware. Hardcoding the URLs makes it easier to detect and block the related malicious URLs. DGA, on the other hand, may allow cybercriminals to evade detection as it uses a large number of potential domains. This could mean that the malware is still in the process of being refined and improved upon. Thus, we can expect later variants to have the DGA capability.
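The reason hardcoded C&C URLs are easier to block is that a static pass over the file (the equivalent of running strings and grepping for URLs) exposes every contact point before the sample ever runs, which a DGA avoids. The script below is an added example, not Trend Micro’s code: it pulls printable http(s) URLs out of a byte blob and matches their hosts against a domain blocklist. The sample blob and every domain in it are constructed, since the article does not list the real WORM_CRILOCK.A addresses.

```python
"""Extract hardcoded URLs from a binary and match them against a blocklist.

Added example, not Trend Micro's code. The sample blob, its URLs and the
blocklist are all constructed; none are real WORM_CRILOCK.A indicators.
"""
import re

# Printable http(s) URLs: scheme, host, optional port, optional path.
URL_RE = re.compile(
    rb"https?://[A-Za-z0-9.-]+(?::\d+)?(?:/[A-Za-z0-9._~%/-]*)?"
)


def extract_urls(blob: bytes) -> list[str]:
    """Return the distinct URL strings found in the blob, in file order."""
    found: list[str] = []
    for match in URL_RE.finditer(blob):
        url = match.group(0).decode("ascii")
        if url not in found:
            found.append(url)
    return found


def hostname(url: str) -> str:
    """Strip scheme, port and path, leaving only the lower-cased host."""
    without_scheme = re.sub(r"^https?://", "", url, flags=re.IGNORECASE)
    return without_scheme.split("/", 1)[0].split(":", 1)[0].lower()


def match_blocklist(urls: list[str], blocklist: set[str]) -> list[tuple[str, str]]:
    """Pair each URL with the blocklist entry that covers its host.

    A blocklist entry covers the host itself and any subdomain of it, so
    'example.invalid' also catches 'c2.example.invalid'.
    """
    hits = []
    for url in urls:
        host = hostname(url)
        for blocked in blocklist:
            if host == blocked or host.endswith("." + blocked):
                hits.append((url, blocked))
                break
    return hits


# Constructed stand-in for a malicious executable: a fake DOS header,
# a decoy product string, two embedded C&C URLs (one repeated) and junk.
SAMPLE_BLOB = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"Photoshop_Activator_v2\x00"
    + b"http://c2-one.example.invalid/gate.php\x00"
    + b"https://backup.example.test:8080/g\x00"
    + b"\x10\x20\x30"
    + b"http://c2-one.example.invalid/gate.php\x00"
    + b"\xff\xfe\x00"
)

# Constructed blocklist; in practice this comes from a threat feed.
SAMPLE_BLOCKLIST = {"example.invalid"}

if __name__ == "__main__":
    urls = extract_urls(SAMPLE_BLOB)
    print("hardcoded URLs:", urls)
    print("blocked:", match_blocklist(urls, SAMPLE_BLOCKLIST))
```

To use it on a real sample, read the file as bytes and pass it to extract_urls, then feed the result to match_blocklist with your blocklist. The second constructed URL is deliberately not on the blocklist: it shows the remaining gap, which is that extraction only tells you where the malware will call, while blocking still depends on the feed being current. A DGA sample would give this pass nothing to extract at all, which is the evasion the article expects later variants to add.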

The differences between this particular CRILOCK variant and the others have led some researchers to believe that this malware is the product of a copycat. Regardless of its creator, WORM_CRILOCK.A shows that this could become the new favored attack method of cybercriminals.

Users should avoid using P2P sites to get copies of software. They should always download software from official and/or reputable sites. Given WORM_CRILOCK’s ability to spread via removable drives, users should also exercise caution when using flash drives and the like. Users should never connect their drives into unfamiliar or unknown machines. Our blog entry, Defending Against CryptoLocker, discusses at length additional ways of protecting a computer and a network against CryptoLocker malware.

Trend Micro uses AEGIS (behavior monitoring) to detect and block all threats related to this malware. For more information on ransomware’s background, you may visit this page. You may also refer to our FAQ page on Cryptolocker for a more comprehensive view about the malware.

Via: trendmicro