IT Support and Hardware for Clinics
32.4K views | +7 today
Follow
IT Support and Hardware for Clinics
News, Information and Updates on Hardware and IT Tools to help improve your Medical practice
Your new post is loading...
Your new post is loading...
Scoop.it!

Netflix Is Dumping Anti-Virus, Presages Death Of An Industry

Netflix Is Dumping Anti-Virus, Presages Death Of An Industry | IT Support and Hardware for Clinics | Scoop.it

For years, nails have been hammering down on the coffin of anti-virus. But none have really put the beast to bed. An industry founded in the 1980s, a time when John McAfee was known as a pioneer rather than a tequila-downing rascal, has survived despite the rise of umpteen firms who claim to offer services that eradicate the need for anti-virus.

Now, however, movie streaming titan Netflix NFLX +7.34% is hammering a rather significant nail in that old coffin, one that could well lead to the industry’s final interment. Because Netflix, a well-known innovator in the tech sphere, is the first major web firm to openly dump its anti-virus, FORBES has learned. And where Netflix goes, others often follow; just look at the massive uptick of public cloud usage in recent years, following the company’s major investment in Amazon Web Services.


Let’s take a second to look at the decline of the anti-virus industry. Anti-virus has been the first line of defence for many firms over the last quarter of a century. Generally speaking, AV relies on malware signatures and behavioural analysis to uncover threats to people’s PCs and smartphones. But in the last 10 years, research has indicated AV is rarely successful in detecting smart malware. In 2014, Lastline Labs discovered only 51 per cent of AV scanners were able to detect new malware samples.

Despite its shortcomings, many are still required to keep hold of their AV product because they’re required to by compliance laws, in particular PCI DSS, the regulation covering payment card protections. There’s also the argument that AV is necessary to pick up the “background noise”, as Quocirca analyst Bob Tarzey describes it. “Despite more and more targeted attacks, random viruses are still rife and traditional AV is still good at dealing with these,” he claims. Major players, includingSymantec SYMC +5.00% and Kaspersky, continue to make significant sums, even if results aren’t stellar.


But it’s now possible to dump anti-virus altogether, and Netflix is about to prove it. The firm has found a vendor that covers those compliance demands in the form of SentinelOne. As SentinelOne CEO Tomer Weingarten told me, his firm was given third-party certification from the independent AV-TEST Institute, validating it can do just what anti-virus does in terms of protecting against known threats, whilst providing “an additional new layer of advanced threat protection”. Its end-point security doesn’t rely on signatures, it monitors every process on a device to check for irregularities and does not perform on-system scans or require massive updates like anti-virus, Weingarten said.


“Large enterprises are recognizing that anti-virus is not adding a lot of value to their security posture. Instead of just bolting on more and more layers, companies are looking for ways to reuse their anti-virus budget to achieve better security,” he added.


And that’s what Netflix has done. “It was three years ago we were doing a re-evaluation of anti-virus and out evaluation said that anti-virus is dead, so we’ve been trumpeting that for years,” Rob Fry, Netflix senior security architect, told FORBES. “The problem was there wasn’t really a replacement at the time. Fast-forward three years and now there’s next-generation everything. Then the next question is: how mature are they?


“The direction we decided to go was with a company called SentinelOne, who we’ve been working with for year and a half. They were a true replacement for end-point protection.

“We’re in the process of leaving anti-virus. We did not renew our anti-virus contract this year.”


He complained of poor support from his anti-virus provider, whom he chose not to name, noting Netflix simply “chose the one that sucked the least”. “The AV piece wasn’t even the most valuable thing, it was the URL filtering,” he added, referring to the blocking of malicious websites Netflix staff were visiting whilst on the corporate network.

For any CISOs out there, they’ll need some more convincing that SentinelOne really can do the job of finding low and high-grade malware. Aside from the AV-TEST Institute certification, there’s little in the way of third-party analysis of the company’s kit.


Skeptics on the death of anti-virus will have their voices heard too. “I don’t believe the era of anti-virus software is dead but that we need to evolve the technologies and other defences we use to properly address the variety and sophistication of the threats we face,” noted Brian Honan, security consultant.


But Netflix is unlikely to listen to naysayers. And it isn’t taking it easy on so-called “next-generation” kit either. In recent years, it decided to ditch FireEye, considered a major player in the post-AV anti-malware game. That’s not because of the quality of protection the firm offers, however, but the lack of application programming interfaces (APIs), Fry said.


APIs allow Netflix to hook up its various security systems so they worked concomitantly and could feed on each others’ data to provide more advanced security. When Fry goes looking for fresh vendors, there are two musts: a cloud strategy and APIs. As FireEye wasn’t willing to provide them at the time, Netflix moved over to ProtectWise, another advanced attack detection company, he told FORBES.

A FireEye spokesperson noted that since early 2014 FireEye has had a “rich, secure, documented and formally supported” API across the majority of its products. “These APIs are used by a broad selection of end-customers, reseller/managed service and technology integration partners,” they added.


What’s apparent with the spate of major cyberattacks seen this year, from Ashley Madison to Hacking Team TISI +% and theUS government, the world’s biggest firms are demanding more from the companies that have tried and failed to adequately protect them

more...
No comment yet.
Scoop.it!

We just learned more about Samsung's big competitor to Apple Pay

We just learned more about Samsung's big competitor to Apple Pay | IT Support and Hardware for Clinics | Scoop.it

Samsung announced its new mobile payments system months ago, but we just got our first look at how it actually works.

Samsung Pay will be available in the United States starting in September after first launching in South Korea this month.


Samsung's payment system is different than Apple's in one crucial way — it works at standard mobile payment terminals with magnetic stripe readers and NFC terminals. This means you can use Samsung Pay anywhere you can use a credit card, while you can only use Apple Pay and other payment solutions such as Google Wallet at retailers that have NFC terminals.


We've known about this for a while, but Samsung has just told us more about how you'll actually use the service when it launches. If you have Samsung Pay all set up, you can swipe up on the lock screen to select which card you want to pay with, as shown to the right.


This works even if your phone is asleep, so you don't have to turn on the display to start a payment transaction. From there, you can choose to authenticate your purchase by typing in a PIN or by pressing your fingerprint on the home button. Samsung also says its Knox software is integrated into Samsung Pay, which adds real-time hacking surveillance and encryption to the service.


Since Samsung Pay is compatible with both NFC and magnetic stripe terminals, your phone automatically decides to choose one or the other when you're making a purchase. 

more...
No comment yet.
Scoop.it!

Samsung Touts Video Chops With Two More Big Screen Phones

Samsung Touts Video Chops With Two More Big Screen Phones | IT Support and Hardware for Clinics | Scoop.it

As expected (and amply leaked), Samsung has today whipped back the curtain on a pair of new flagship smartphones, announcing two new phablets: the Galaxy Note 5 (pictured above) and the Galaxy S6 Edge+ at press events in New York and London.


The focus for Samsung here is bigger handsets that can do more with multimedia content, letting the user make use of additional screen real-estate for video editing or livestreaming, or multitasking with multiple content windows on screen.


The Korean giant doesn’t normally drop flagship smartphones in August but is presumably hoping to hog the limelight by announcing new kit in what is typically a fallow month for tech news — before the hype cycle spins up again come September, when Apple typically unboxes new iPhones. (In the event, Chinese mobile maker Xiaomi stole a march on Samsung’s phablet new by announcing its own pair of newbies earlier today.)


Here’s a quick rundown of the new additions to Samsung’s handset Galaxy, which will be landing in some 7,000 retail stores in the U.S. for preview starting from tomorrow (but on sale globally later this month):


Galaxy Note 5


The Galaxy Note 5 is the sequel to the 5.7-inch display Note 4, which launched back in September 2014. The display remains the same size (and same quad-HD res), but RAM has been beefed up to 4GB.


The design has also been tweaked to be thinner and slimmer, with a narrower bezel and curved back. The rear camera is still 16MP, but there’s now 5MP on the front. Both are f1.9.


The S-Pen stylus has also had an update — with an “all new” design, and, says Samsung, improved writing capabilities (albeit it said that at the last Note update…), including the ability to jot down info even when the screen is off.


Users can also now annotate PDF files using the S-Pen, and capture a whole website from top to bottom using a Scroll Capture feature. And the pen is easier to extract from its kennel inside the Note, thanks to a “one click” extraction mechanism.


Available colorways for the Note 5 are “Black Sapphire” and “White Pearl”. There are 32GB and 64GB variants (but no microSD card slot — a factor that’s going to continue to grate on long-time Samsung fans).


Galaxy S6 Edge+


The Galaxy S6 Edge+ updates one of two new flagships Samsung unboxed back in March at the Mobile World Congress trade show — namely the S6 Edge.

The flagship feature of that handset was a screen with curved edges. Those curves spill over now to the S6 Edge+ but the overall size of the screen has also been increased to phablet size — so it’s been bumped up from 5.1 inches to 5.7 inches. As with the S6 Edge, the curved edges can be used as a shortcut from any screen to access top contacts and apps, by swiping along the edge.


As with the Note 5, RAM has also been increased to 4GB. And the rear camera is 16MP, with a 5MP lens on the front.


Available colorways for the S6 Edge+ are “Black Sapphire” and “Gold Platinum” (below). And there are also 32GB and 64GB variants (but again no microSD card slot).


 

Multimedia focus


Both devices sport improved video stabilization when shooting from the front or rear camera, according to Samsung.  There’s also a new video collage mode that allows users to shoot and edit short videos more easily, adding various frames and effects. And a 4K Video filming feature to record content for 4K TVs.


A full HD Live Broadcast option lets users instantly stream video straight from the phone to any individual, group of contacts, or through YouTube Live — a la live streaming apps like Meerkat and Periscope. While Samsung touts other camera and audio improvements such as a quick launch feature (by double clicking the home button from any screen to jump into the camera), and support for UHQA for richer audio quality.


Both handsets also support Samsung Pay — the company’s forthcoming NFC and magnetic secure transmission mobile payment tech which it’s lining up as an Apple Pay rival.


There’s also embedded wireless charging on both, but wireless charger pads aren’t included — so that’s an additional accessory you’d have to have or buy yourself.

more...
No comment yet.
Scoop.it!

Windows 10 Ransomware Scam Represents Growing Trend in Malware

Windows 10 Ransomware Scam Represents Growing Trend in Malware | IT Support and Hardware for Clinics | Scoop.it

I don’t usually jump on the new software or device bandwagon immediately. I tend to wait until something has been on the market for a little while and let other people work the bugs out first. However, the release of Windows 10 intrigues me. I had the chance to talk to some people at RSA about it, and I’m not sure the last time I heard so much enthusiasm for a new Microsoft product.


The release came at the end of July, with the upgrade made available for free. Who doesn’t like free, right?

Consumers aren’t the only ones who appreciate a free upgrade, though. Scammers and bad guys are taking advantage of the Windows 10 launch, too, using phishing emails to spoof the arrival of the OS. As PC World explained, the scam does a very good job mimicking a legitimate Microsoft announcement regarding Windows 10. The difference, though, was this:


An attached .zip file purports to be a Windows 10 installer … the attachment contains a piece of ransomware called CTB-Locker that encrypts your files and requests payment within 96 hours, lets your files be encrypted forever.


I can’t imagine that anyone would be surprised that the bad guys would try to take advantage of the OS release. However, according to Cisco’s midyear report, using ransomware is part of a growing trend with hackers using social and breaking news events to deliver ransomware. According to the report, ransomware has really stepped up its game, with improved professional development to encourage innovation and to ensure that the malware brings in financial gains.

The Cisco blog explained more about how it works:


The ransoms demanded are usually affordable, generally a few hundred dollars depending on the bitcoin exchange rate. Criminals appear to have done their market research to determine the right price points for the best results: Fees are not so high that victims will refuse to pay or will tip of law enforcement. Ransomware authors keep their risk of detection low by using channels such as Tor and the Invisible Internet Project to communicate, and they use bitcoin so that financial transactions are difficult for law enforcement to trace.


Will we see more problems with ransomware going forward? I suspect the answer is “Yes,” especially as the developers get smarter about manipulating the ransom for their own gain. (Remember, as successful as Cryptolocker was at locking down a computer’s data, too many weren’t able to pay the ransom with Bitcoin, and, in turn, the developers weren’t able to make the money they planned to make.) We know that the spammers are very good at faking us out with phishing attacks. So enjoy your new Windows 10 upgrade. Just download with a lot of caution.

more...
No comment yet.
Scoop.it!

Adobe patches Flash zero-day found in Hacking Team data breach

Adobe patches Flash zero-day found in Hacking Team data breach | IT Support and Hardware for Clinics | Scoop.it

The massive Hacking Team data breach led to the release of 400GB worth of data including a zero-day vulnerability for Adobe Flash. Adobe has released an out-of-band patch for the flaw just two days after it was discovered.


The vulnerability was described by the Hacking Team in a readme file in the data dump as "the most beautiful Flash bug for the last four years". Accompanying the readme in the data was a proof-of-concept exploit of the flaw.


Adobe categorized the vulnerability (CVE-2015-5119) as critical and said it affects Flash Player versions 18.0.0.194 and earlier on Windows and Mac, and versions 11.2.202.468 and earlier on Linux. Successful exploitation of the flaw could allow remote code execution.


Security researcher Kafeine found that the vulnerability has already been added to the Angler, Fiddler, Nuclear and Neutrino exploit kits. Because of this, admins are recommended to apply the patch as soon as possible.


Also found in the Hacking Team data was another Adobe Flash zero-day (CVE-2015-0349), which was patched in April, and a zero-day affecting the Windows kernel. The inclusion of these zero-days has caused experts to question if these exploits are being used by Hacking Team clients, including law enforcement and governments.


"As many governments move to try and control malware and offensive security tools, some have been caught with their own hands in the cookie jar, leading many to wonder how and why governments and agencies listed as Hacking Team clients are using these tools and if they are doing so lawfully," said Ken Westin, security analyst for Tripwire. "Given the depth and amount of data compromised in this breach, it will reveal a great deal about the market for offensive tools designed for espionage with a great deal of fallout and embarrassment for some organizations."


Hacking Team spokesman Eric Rabe confirmed the breach and said that while law enforcement is investigating, the company suggests its clients suspend the use of its surveillance tools until it can be determined what exactly has been exposed.


In a new statement, Rabe warned that its software could be used by anyone because "sufficient code was released to permit anyone to deploy the software against any target of their choice.


"Before the attack, HackingTeam could control who had access to the technology that was sold exclusively to governments and government agencies," Rabe wrote. "Now, because of the work of criminals, that ability to control who uses the technology has been lost. Terrorists, extortionists and others can deploy this technology at will if they have the technical ability to do so. We believe this is an extremely dangerous situation."

more...
No comment yet.
Scoop.it!

Messaging And The Apple Watch

Messaging And The Apple Watch | IT Support and Hardware for Clinics | Scoop.it

Although the Apple Watch boasts the ability to instantly notify users with important updates — breaking news stories, changes to their bank account or the achievement of a fitness goal — its 42mm screen can be a major constraint for developers and designers.


This is especially true for messaging applications, which must figure out how to create an essentials-only design that enables two-way communication without the luxury of a keyboard. When designing a messaging application for the Apple Watch there are several key considerations that must be kept in mind to ensure developers are creating something people will actually use.

Is the Apple Watch Worthy?

Jonathan Ive’s team developed the Apple Watch to help solve the problem they themselves created: smartphone addiction. Between the constant influx of notifications and the 24/7 connectivity to work, we are prisoners of our own devices.


Reluctantly, I’ll admit that I’m guilty of this in my personal life. As I play with my kids on a Saturday afternoon in the park, I can’t help but discreetly sneak a look at my phone every few minutes. We just cannot free ourselves from the thought of missing something important.


While critics claim otherwise, the Apple Watch actually frees us from our constant surreptitious phone-checking habit. By filtering the most important alerts and providing immediate notifications that can be absorbed with a glance, the Apple Watch causes users to pick up their phone less frequently and only for matters that involve a response.

Between the constant influx of notifications and the 24/7 connectivity to work, we are prisoners of our own devices.

Given the nature and purpose of the Apple Watch, the first question companies should ask is whether or not their business app interaction is worthy of immediate interruption. For enterprise messaging, the answer is a resounding Yes. The instant nature of messaging lends itself naturally for a new communication medium like the Apple Watch.

Starting From Scratch

Just like every app does not belong on the Apple Watch, every iPhone interface will not transfer to the face of a wristwatch. Over-simplification is important. You may think your iPhone app is sleek and simple, but everything changes when you drastically reduce the screen size.

Simplifying isn’t just about design; it’s about reducing the number of available features on the app. Many of the browsing or text-heavy portions of a smartphone platform are no longer applicable on the watch form factor, requiring developers to determine which features are used the most and eliminate the rest.

Color palettes on the Apple Watch also matter. Despite the assumption that a color palette would be the easiest part of the Apple Watch transition, it usually cannot be replicated from the smartphone. The Apple Watch’s black background and small screen size completely change the game, meaning that the de-saturated colors often used in traditional branding appear muted and are difficult to read, which forces designers to switch over to bright, high-contrast colors.

The Need For Context-Intelligent Responses

First and foremost, the Apple Watch is a notification platform. Punching out a lengthy message isn’t feasible without a keyboard, so messaging apps face a unique challenge not met by notification-based platforms. As we worked to solve this problem, we kept coming back to one central theme: speed.


Apple Watch users should be able to glance down at their wrist, instantly absorb the information they need and move on with their day. This is why Apple’s User Interface Guidelines suggest that app developers keep all interactions with the watch to less than 30 seconds.


With a 30-second time constraint, how do you empower users to read a notification and reply, while avoiding the often-awkward voice response? We focused on context-intelligent emojis and canned text responses to reply quickly. While the basic forms of both of these technologies have been available for years, they lacked context and the ability to accurately predict a user’s reply. That’s beginning to change.


Right now, enterprise messaging applications offer a series of canned responses, such as “Yes, I’m available now” or “We closed the deal.” Eventually, messaging applications will be able to gather relevant data to enable the creation of personalized and relevant response options.

For example, if a colleague asks to do lunch at 1pm, the app could gather information from a user’s calendar, current location, past preferences and outside data (such as access to OpenTable) to suggest personalized responses, such as “I’m not available until 1:30. Let’s meet at Salt House on Mission Street. They have tables available at that time.”

Looking Ahead

With the recent watchOS 2 announcement, which will support native apps as well as third-party complications, it is clear Apple views enriched third-party apps as critical to delivering a fully integrated wearable experience. Still, the full potential of messaging apps will not be realized until the Apple Watch can function without the iPhone.

Independent of this crutch, and with the capabilities of everything from instant communication to project management, the Apple Watch stands to become the ultimate convener, allowing users to seamlessly manage both their personal and professional lives.

more...
No comment yet.
Scoop.it!

Skype for Business arrives on Windows Phone, but lacking a key feature for Office 365

Skype for Business arrives on Windows Phone, but lacking a key feature for Office 365 | IT Support and Hardware for Clinics | Scoop.it

Although Microsoft has now brought Skype for Business to Windows Phone, its own business customers—those who subscribe to Office 365—may be disappointed to learn that one key feature hasn’t yet been implemented: conversation syncing.


Skype for Business has already replaced Lync on desktop PCs and the Web, and Windows Phone 8.1 phones will automatically download the new Skype for Business app to replace Lync 2013. (Windows Phone 8.0 users can continue using Lync 2013 or Lync 2010; those phones won’t be able to update to the new app.) 



Given the fact that a phone has limited space with which to work, one change that Microsoft has made to the app is to “wall off” extraneous conversations. If a new message arrives on your phone, you’ll have the option to answer it without other clients' grabbing the conversation, Microsoft said. Microsoft has also encrypted your conversation and voice mail history by default.


One of the complaints Skype users have had, however, is that conversations that roam between various platforms don’t sync appropriately, meaning that you might end up with notifications being sent to your PC some time before they arrive on your phone. Microsoft apparently solved that problem, provided you’re running the latest server software—just not for Office 365 users. That capability will be coming soon, the company said.


Otherwise, the new Skype for Business app for Windows Phone features the Skype UI and 100 new emoticons, to give it a bit of extra punch.


Last week the Skype for Business team previewed a “broadcast” feature that will allow meetings to be shown to up to 10,000 participants. The app now also works with traditional telephones, so that users can simply dial in to conference calls.


Why this matters: To its credit, Microsoft has launched Skype for Business on Windows Phone, ahead of iOS and Android—not always the case, to be sure. Still, I suspect that some IT admins wish that Microsoft would get its ducks in a row before releasing the Windows Phone app. Not knowing where you are in a business conversation can give the appearance that you’re unprofessional—and it’s also just plain annoying.

more...
No comment yet.
Scoop.it!

Windows 10 likely to land at PC makers this week

Windows 10 likely to land at PC makers this week | IT Support and Hardware for Clinics | Scoop.it

Microsoft keeps wending its way past the mile markers en route to getting Windows 10 out to the public on time.


The software titan is putting the finishing touches on the operating system software and will finalize its prerelease development by July 10, The Verge is reporting, citing people who claim to have knowledge of the company's plans. This version ofWindows 10, called "release to manufacturing," will then be sent to PC makers to be bundled into their products.


Windows 10, which is slated to launch on July 29, comes at a critical time for Microsoft. While Windows overall remains the dominant force in desktop operating systems, running on over 90 percent of computers worldwide, according to NetMarketShare, the last big release -- Windows 8 -- proved a marked disappointment. According to NetMarketShare, Windows 8 musters just 13 percent market share worldwide, far behind the 61 percent share for Windows 7 and just ahead the 12 percent share for the now ancient Windows XP.


The issues with Windows 8 were numerous, ranging from Microsoft's design choice, called Metro, to a steep learning curve for those used to the old days of Windows. Windows 8, which launched in 2012, also came as consumers and business users were increasingly attracted to tablets and smartphones, which typically ran either Apple's iOS software or Google's Android.


Microsoft tried to respond by offering its own tablet, the Surface, and partner with third-party tablet manufacturers. The efforts, however, have done little to kick Android and iOS from the top spots.

Realizing its own miscues and the changing market dynamics, Microsoft has tried to address its Windows 8 woes with Windows 10.


The Start button is back and the design a bit more traditional, while Microsoft CEO Satya Nadella has made clear that Microsoft is a "mobile-first (and cloud-first)" company that will allow for Windows 10 to run on multiple device types without sacrificing features. To boost adoption, Microsoft will offer free upgrades to customers currently running Windows 7 and Windows 8 -- a first for the company. Microsoft has even softened its stance in its longstanding battle with pirates, saying that any pirated copy of Windows can be upgraded to Windows 10 free-of-charge.


For months now, Microsoft has been offering preview versions of Windows 10 to developers and consumers who want to take the operating system for a test drive. Operating systems go through a series of "builds," or versions, during their development phase. Once the company's development team has finalized the operating system, it goes into RTM phase, which means it's ready to be passed on to hardware vendors for bundling into the PCs they sell. Assuming the report is accurate, hitting the RTM phase this week would ensure Windows 10 would be available later this month, as anticipated.

That said, while Microsoft seems to be on-pace for a July 29 launch, the company has cautioned thatthe rollout could be slow going.


Microsoft said last week that it "will start rolling out Windows 10" on July 29, but will roll out the operating system "in waves" after that date.

"Each day of the rollout, we will listen, learn and update the experience for all Windows 10 users," the company said in a blog post. "If you reserved your copy of Windows 10, we will notify you once our compatibility work confirms you will have a great experience, and Windows 10 has been downloaded on your system."


The blog post seems to indicate that while Windows 10 may be released to PC vendors soon, it will continue to fine-tune the operating system after the July 29 launch date.


Microsoft has yet to say when its operating system will hit the RTM phase, but in the past, the company has announced the milestone on its site. Microsoft will likely do the same with Windows 10, once it has officially gone RTM.

more...
No comment yet.
Scoop.it!

Apple’s next big iPhone update will turn your iPhone 6 into an iPhone 5/5s to save battery life

Apple’s next big iPhone update will turn your iPhone 6 into an iPhone 5/5s to save battery life | IT Support and Hardware for Clinics | Scoop.it

Apple's next big iPhone update comes with a feature that helps you get the most out of your iPhone's battery, especially when it's already running low on juice.


Naturally, this means your iPhone has to cut back on some of its normal functionality to conserve power.


New tests run by blog MacRumors show us just exactly how much this low power mode dials back your iPhone's performance.


MacRumors used GeekBench, a popular tool used to measure how a smartphone's processor performs, to conclude that low power mode reduces performance by about 40%. This means your iPhone 6 would be on par with an iPhone 5s or iPhone 5 in terms of performance, as 9to5Mac points out.


If you turn on the feature, your iPhone will automatically kick into Low Power Mode when it's nearly out of battery. Your iPhone will cut back on background activity, such as fetching email, automatic downloads, and visual effects such as the parallax wallpapers.


It seems like a welcome trade-off though — during its annual developers conference keynote earlier this month, Apple said Low Power Mode in iOS 9 can extend your iPhone's battery life by three hours.  


Adding new features like this is important for both iPhone and Android. In general, battery technology for smartphones hasn't really advanced dramatically in the past several years. So it's up to the companies making software for smartphones to make sure their operating systems are optimized to get the most out of these batteries. 

more...
No comment yet.
Scoop.it!

Apple Obtains Touch ID-Related Patents From Biometric Security Firm Privaris

Apple Obtains Touch ID-Related Patents From Biometric Security Firm Privaris | IT Support and Hardware for Clinics | Scoop.it

Apple has been working to acquire the intellectual property assets of Charlottesville, Virginia-based biometric security firm Privaris, according to CNN. Privaris recently transferred 26 of its 31 patents to the iPhone maker, including 4 patents in December 2012 and dozens more in October 2014

The patents are primarily related to fingerprint and touchscreen technology that could lead to Touch ID improvements on future devices. Last February, well-informed KGI Securities analyst Ming-Chi Kuo told investors that the next iPhone will have animproved Touch ID with reduced errors.


"For example, one of Privaris' patents covers the ability to use a touchscreen and fingerprint reader at the same time. Another invention of Privaris' could allow you to open a door with your iPhone by scanning your fingerprint and holding your phone up to a reader, similar to how you pay for items with Apple Pay."


While the transferred patents have fueled acquisition rumors, the Privaris website has not been updated since 2010 and seemingly none of the company's senior executives or other employees have updated their LinkedIn profiles with positions at Apple. 

Accordingly, it is more likely that Privaris has scaled down or went out of business and Apple has acquired the company's patent portfolio and other intellectual property. However, the possibility of an acquisition cannot be entirely ruled out. 

Privaris, which reportedly raised $29 million in funding, developed a lineup of PlusID personal biometric devices to access computers, networks, websites, software, VPNs, secured printers and online apps. 

The company has also offered several other products and services related to access control systems, fingerprint authentication, biometric computer security, biometric security software and access cards, all technologies that fall within the realm of Touch ID. 

more...
No comment yet.
Scoop.it!

Archos $99 Windows 10 PC-on-a-stick is best deal yet for a tiny PC | News | Geek.com

Archos $99 Windows 10 PC-on-a-stick is best deal yet for a tiny PC | News | Geek.com | IT Support and Hardware for Clinics | Scoop.it

It wasn’t that long ago that geeks walked around with a pocket full of flash drives. Today, you can stuff them with entire computers instead — like this new one from Archos. Intel has their Compute Stick. Lenovo has the IdeaCentre Stick 300. So, what did Archos whip up? Fittingly enough, they call it the Stick PC.


Like Lenovo did with their stick, Archos stayed true to Intel’s reference design. The PC Stick runs on the same quad-core Intel Atom Z3735F clocked at 1.3GHz, has just 2GB of RAM, and 32GB of internal storage. You’ll have less available to use since Windows 10 comes pre-installed, of course, but you can pop in a microSD card or connect an external hard drive or SSD to the Stick PC’s full-sized USB port. As far as connectivity goes, Bluetooth 4.0 and 802.11bgn WiFi support is built in.


The Stick PC measures just 4.4 inches tall by an inch-and0-a-half wide, and it’s about half of an inch thick. You’ll barely notice it in your pants pocket, and there’s a good chance it might end up going through a wash cycle or two as a result.


Really, the only big difference you can see between the Archos PC Stick and the other two I’ve mentioned here is that it’s blue. Well, that, and the ridiculously low price tag. Archos plans to sell the PC Stick for just $99. That’s a heck of a good deal considering it’s the same thing Lenovo wants to sell you for $129 and the Compute Stick is priced at $149.

more...
No comment yet.
Scoop.it!

Samsung doesn't want Windows Update running on your computer

Samsung doesn't want Windows Update running on your computer | IT Support and Hardware for Clinics | Scoop.it

As if you needed another reason to do a clean install of WIndows with any new computer, Samsung's got you covered. It turns out that a piece of the bloatware from the OEM is apparently disabling Windows Update because it interferes with Samsung's own software updater.


The one that, as you might infer, keeps its bloatware up to date on Windows desktops and laptops. A Microsoft MVP (community member, not Redmond employee) chatted with a Samsung customer service rep, asking why this was happening and the rep replied that Windows Update will install drivers for all the hardware on a machine that may or may not work. So, it prevents such a thing by keeping Windows Update turned off. Fine if you aren't worried about security updates but love keeping things like Samsung's auto-back-up tools up to date. It's almost like Samsung wasn't paying attention to Lenovo and Superfish earlier this year.

more...
No comment yet.
Scoop.it!

Will Sony Settle Cyber-Attack Lawsuit?

Will Sony Settle Cyber-Attack Lawsuit? | IT Support and Hardware for Clinics | Scoop.it

Did Sony underspend on information security, thus contributing to the success of the devastating hack attack against it, which came to light in November 2014? And can a business be held legally accountable by employees for their employer's information security shortcomings?


Those questions are central to a lawsuit filed by Michael Corona and eight other former Sony employees in the wake of what plaintiffs rightly dub a data breach "epic nightmare, much better suited to a cinematic thriller than to real life." Their suit accuses Sony of having failed to put an effective information security program in place, despite having previously suffered repeated, serious attacks.


 An epic nightmare, much better suited to a cinematic thriller than to real life. 


"Sony failed to secure its computer systems, servers and databases, despite weaknesses that it has known about for years," the lawsuit alleges, citing in part a September 2014 audit by PricewatershouseCoopers, which found that Sony's information security and monitoring practices fell below "prudent industry standards."


The lawsuit further alleges that nearly 100 terabytes of data was stolen, including 47,000 Social Security numbers and personally identifiable information for at least 15,000 current and former employees, some of whom had not worked for the studio since 1955. As a result, breach victims "face ongoing future vulnerability to identity theft, medical theft, tax fraud, and financial theft," the lawsuit plaintiffs allege. "In fact, plaintiffs' PII has already been traded on black market websites and used by identity thieves."

Lawsuit Ruling

Sony asked a court to dismiss the suit, and U.S. District Judge R. Gary Klausner this week did dismiss some parts, including allegations of breach of contract and that Sony failed to notify breach victims in a timely manner.


But in a setback for Sony, the judge ruled that other parts of the lawsuit can proceed, although he has yet to rule on the merits of these claims, including plaintiffs' allegation that Sony "made a business decision to accept the risk of losses associated with being hacked." The federal judge also agreed with the former employees' allegation that "to receive compensation and employment benefits, they were required to provide their PII to Sony." While many data breach lawsuits get dismissed on the grounds that the breach did not cause any economic harm to people whose information was stolen, Klausner said that by requiring employees' PII, Sony created a "special relationship that provides an exception to the economic loss doctrine."


Michael Sobol, an attorney for the plaintiffs, told the BBC, "We are pleased that the court has properly recognized the harm to Sony's employees."


A spokeswoman for Sony Pictures Entertainment did not immediately respond to a request for comment on the ruling.


In the wake of the 2014 attack, at least nine other lawsuits were filed against Sony by individual former employees. Like the Corona suit, all of these lawsuits seek class-action status, meaning they would include all current and former employees who were affected by the cyber-attack.

Wiper Malware Attack

To recap: Sony suffered a devastating wiper malware attack in November 2014, ostensibly designed to punish the company for releasing "The Interview," a satiric film starring James Franco and Seth Rogan that featured the fictional death of North Korean leader Kim Jong-un.


But before the attackers unleashed their wiper malware and began erasing Sony hard drives and bricking laptops, they penetrated Sony's network and stolen tens of terabytes of data, including copies of unreleased movies and the script for the upcoming James Bond film "Spectre," as well as numerous private email exchanges, all of which the attackers began leaking.


Sony, in a December 2014 breach notification filed with California state authorities, reported that the breach appeared to compromise current and former employees' names, addresses, Social Security numbers, driver's licenses and passport numbers, corporate credit card information, usernames and passwords, and salaries. Sony also warned that individuals' "HIPAA-protected health information" may have been exposed, including medical diagnoses, dates of birth, health plan identification numbers, and personal and health-related information.


As noted in Corona's lawsuit, large amounts of this information were leaked to the Internet by attackers and likely remain in circulation.

Lawsuit Resolution: Unclear

What will happen next in the Sony class-action lawsuit saga, of course, is not clear. But based on past breach-related lawsuits, it's likely that unless the lawsuit gets dismissed, Sony will ultimately settle, rather than risk a jury trial and ruling that might give breach victims more rights.


If Sony did make a business decision to underspend on security, it was a costly move. In February, Sony said in an earnings report that it expected to spend $35 million in cleanup costs through the end of its fiscal year in March, largely related to restoring the company's "financial and IT systems." But as the multiple lawsuits highlight, Sony faces continuing legal costs, as well as the risk that it will eventually have to pay damages or settlements.


But any such settlement likely would not happen soon. Indeed, Sony only settled a lawsuit filed in the wake of its April 2011 breach - a year in which the company fell victim to more than a dozen breaches - in June 2014. That breach exposed personal information for 77 million users of the Sony PlayStation Network and Qriocity services.


By that timeline, the lawsuits stemming from the 2014 Sony cyber-attack may not be resolved until at least 2017.

more...
No comment yet.
Scoop.it!

Apple adds Windows 10 support to Boot Camp for all Macs released after 2012

Apple adds Windows 10 support to Boot Camp for all Macs released after 2012 | IT Support and Hardware for Clinics | Scoop.it

If you're one of those people who runs Windows on your Mac, good news: Apple has just released Boot Camp 6, which brings updated drivers and official support for Windows 10 to the company's hardware. New installs of Windows using the Boot Camp Assistant tool should download the new drivers automatically, and those of you performing upgrade installs can use the Windows version of Apple's Software Update tool to download the new drivers before performing the Windows 10 upgrade install.


The new Boot Camp update supports all iMacs, Mac Minis, Mac Pros, MacBook Pros, MacBooks Airs, and MacBooks released after 2012; that's not to say that you can't get it working on older Macs, but you're on your own. If that seems a bit stingy, remember that most PC OEMs aren't officially supporting systems older than 2012 either. The Boot Camp software still supports Windows 8.1, too, but official Windows 7 support was dropped back in March.


Boot Camp 6 brings new drivers but not many other features—the Boot Camp Control Panel is still barebones, and still uses OS X 10.4-era folder icons. If you want to do anything more complicated than tap-to-click with your multitouch trackpad, you'll need to use a third-party driver like TrackPad++, which actually does do a decent job of supporting Windows 10's new trackpad gestures once you've played with the settings a bit.


Otherwise, upgrading from a fully activated version of Windows 7 or 8.x to Windows 10 on a Mac with a Boot Camp partition will work pretty much the same way as it does on a PC, including the oddities involved in getting a new product key and performing clean, properly activated installs.

more...
No comment yet.
Scoop.it!

Classic Shell and Start10 banish Windows 10 Live Tiles, bring back Windows 7 look

Classic Shell and Start10 banish Windows 10 Live Tiles, bring back Windows 7 look | IT Support and Hardware for Clinics | Scoop.it

For anyone having regrets about upgrading to Windows 10, there are now two good options for bringing back the look of Windows 7.

This week, Classic Shell officially added Windows 10 to support for its free Start menu and File Explorer replacement. With this program (pictured above), users can switch to Windows 7’s dual-column view, with pinned and recent applications on the left, and common folders and locations on the right. Classic Shell also includes a classic version of the Windows File Explorer, with a customizable toolbar and a more useful status bar that shows both free disk space and the size of any selected folder.


Meanwhile, Stardock has just released Start10 out of beta for $5. Much like Classic Shell, Start10 allows for a two-column view that resembles the Windows 7 Start menu, and brings back the ”all programs” menu that groups applications into folders. There’s also an option to hide Cortana from the Windows 10 taskbar, while restoring program and file search in the Start menu proper.



I gave each of these programs a quick go-round, and in practice the differences between them are subtle. If you’re just looking for the familiarity of Windows 7, either one should do the trick (though Classic Shell has the advantage of costing nothing). Start10 may be more useful for people who still want access to Windows Store apps, as you can preserve them in the right-hand column while tweaking other aspects of the Start menu. Both apps have plenty of customization options, however, and are far more flexible than the default Start menu.


While Classic Shell is free, Start10 does offer a 30-day free trial, so you can try them both to figure out which Start menu replacement suits your needs.


Why this matters: Although Microsoft has dialed back some of the radical changes that it made to the Start menu in Windows 8, it can still feel pretty unfamiliar coming from Windows 7. If you’re not really using Windows Store apps, the emphasis on Live Tiles in Windows 10 isn’t much help, especially since it comes at the expense of Jump Lists, quick Control Panel access and the old Recent Items shortcut. It’s unlikely that these replacements will see the tens of millions of downloads that they did with Windows 8, but they’re still helpful for people who’d rather keep things the way they used to be.

more...
Scoop.it!

New Android 'Certifi-gate' Bug Found

New Android 'Certifi-gate' Bug Found | IT Support and Hardware for Clinics | Scoop.it

Following the news of the discovery of the Stagefright flaw - characterized by many security researchers as the worst vulnerability ever to be found on devices that run Google's Android operating system - details of yet another major flaw in were unveiled August 6 at the Black Hat conference in Las Vegas.


But Google and some original equipment manufacturers have finally promised that they will soon begin releasing monthly platform and security updates for some Android devices, to better safeguard users against such vulnerabilities.


Security vendor Check Point Software Technologies says the new flaw, which it has dubbed "Certifi-gate," is due to components present in the Android operating system that are digitally signed, but vulnerable to attack, and that these flaws could be "very easily exploited" to gain full, unrestricted access to vulnerable devices. As the result of a successful attack, accordingly, attackers could infect the devices with malware, exfiltrate data, remotely activate and monitor microphones or built-in cameras, and track the device's location.


"Certifi-gate is a set of vulnerabilities in the authorization methods between mobile Remote Support Tool (mRST) apps and system-level plugs on a device," Check Point says in a blog post. "[These apps] allow remote personnel to offer customers personalized technical support for their devices by replicating a device's screen and by simulating screen clicks at a remote console."


Check Point says the vulnerabilities are present in hundreds of millions of Android devices, including smartphones and tablets manufactured by HTC, LG, Samsung and ZTE. It says the flaw affects a number of versions of the Android OS, including the latest Android "Lollipop" versions 5.0 and 5.1. The security firm says it has notified Google and all affected manufacturers, and that some related updates are starting to be released. Check Point also launched a free tool - the Check Point Certifi-gate Scanner - that will scan an Android device for the presence of the flaw.


Google did not respond to a request for comment about the flaw or related patches. But Check Point says that the vulnerable Android components' certificates cannot be remotely revoked by OEMs, and that they will have to issue a new, patched version of Android for each device they still support. But while some vendors patch quickly, others have been slow to release fixes - if at all.

Coming Soon: Stagefright Fixes

Google has long maintained Android as an open source project, and stated that it is up to manufacturers and carriers to decide how or if they will patch their own devices. The only exception to that approach has been the Nexus range of devices, which Google manufacturers, and which run a stock version of Android.


But the severity of the Stagefright flaw - and many equipment manufacturers' and carriers' slow or nonexistent patching practices - has triggered serious existential questions about the future of the Android operating system, including whether enterprises should now begin treating unpatched Android devices as a security threat and blocking them.


Appearing to respond to such criticism, Google this week reported that many manufacturers - including Samsung, HTC, LG, Sony, Android One and Google's own Motorola - will begin releasing Stagefright patches later this week. In an Aug. 5 blog post Adrian Ludwig, lead engineer for Android Security, and Venkat Rapaka, director of Nexus product management, reported that patches were already starting to be released for all devices from Nexus 4 to 10, as well as Nexus Player. "This security update contains fixes for issues in bulletins provided to partners through July 2015, including fixes for the libStageFright issues," they said. "At the same time, the fixes will be released to the public via the Android Open Source Project."

The same day, speaking at Black Hat, Ludwig also promised that OEMs will soon begin releasing related fixes. "My guess is that this is the single largest software update the world has ever seen," Ludwig said. "Hundreds of millions of devices are going to be updated in the next few days. It's incredible."

Some Monthly Android Patches Promised

But the need for Google to rally manufacturers for a one-off fix for such a serious flaw also highlights how existing approaches too often fail to put fixes for critical bugs on users' devices, at least in a timely manner. Finally, responding to years of criticism from security experts over the paucity of patches for Android devices, Samsung and LG have promised to implement monthly patch updates for their Android devices, as has Google with its Nexus line.


"Nexus devices will continue to receive major updates for at least two years and security patches for the longer of three years from initial availability or 18 months from last sale of the device via the Google Store," Ludwig and Rapaka say in their blog post.


The move echoes a similar monthly patch-release strategy introduced by Microsoft for Windows, beginning in October 2003, to combat the rise in serious vulnerabilities found in its operating system.

Samsung and LG have also promised to release monthly patches, although have not stated how long they will support devices, after they have been released. "With the recent security issues, we have been rethinking the approach to getting security updates to our devices in a more timely manner," says Dong Jin Koh, who leads the mobile research and development group at Samsung Electronics, which makes the popular Galaxy series of smartphones and tablets, amongst other devices that run Android. "Since software is constantly exploited in new ways, developing a fast response process to deliver security patches to our devices is critical to keep them protected."


Likewise, an LG spokeswoman says in a statement that "LG will be providing security updates on a monthly basis which carriers will then be able to make available to customers immediately" and that "we believe these important steps will demonstrate to LG customers that security is our highest priority." What is not clear, however, is how quickly carriers might then distribute those fixes to their subscribers.

more...
No comment yet.
Scoop.it!

What hospitals need to know about Windows 10

What hospitals need to know about Windows 10 | IT Support and Hardware for Clinics | Scoop.it

The arrival of a new Microsoft operating system does not exactly bring the same excitement that it once did.


Indeed, since about the time Windows Vista launched, subsequent operating systems have come – and in the odd case of Windows 9 essentially vanished – without the fanfare of Windows 95, XP or 2000.

The company has at least managed to create enough wattage around Windows 10, however, that some 5 million so-called Windows Insiders installed early versions to test the software in development – and word slipped out this week that the planned flagship Microsoft store on Fifth Avenue in Manhattan will open in the fall.


A critical piece of the renewed interest is how Microsoft is breaking new ground with a phased approach to what CEO Satya Nadella dubbed the "One Windows" strategy, beginning July 29 when the OS became available for PCs and tablets.


The aim is to upgrade systems currently running Windows 7 and 8 in the near-term and follow that with Windows 10 Mobile later this year, and devices from Microsoft’s harem of hardware partners are slated to become available before the holiday season. Beyond that, Microsoft intends Windows 10 to serve as the operating system for a range of Internet of Things devices, including its own Surface Hub conference systems and HoloLens holographic glasses, among others.


When that “One Windows” day comes, the sales pitch goes, hospitals will be able to consolidate varying devices onto Windows 10 and the fact that the upgrade is free for systems already running Windows 7, 8.1 or 8.1 Mobile should entice many IT shops to install it; for those still using an older OS, the price tag is $199 for the professional version.

Microsoft, in the meantime, has incorporated some healthcare-centric functionality into Windows 10.


On one of its web pages the company showed the operating system’s capability to “snap together” different applications and, in so doing, enable a clinician to view a patient’s EMR next to a home health app.

A Power BI function can "gather, analyze and visualize quality of care data," while the Power Map feature enables users to combine and compare a hospital's own information with population health statistics. Microsoft also pointed to programs including Office 365, OneNote, SharePoint and Skype that can be used for care management and information sharing.

Later this year, when Windows 10 Mobile becomes available, it will make syncing apps across smartphones, tablets and PCs easier. Now, that’s not likely to inspire CIOs to rip and replace existing smartphones anytime soon, but the ability to coordinate a Windows-based phone with a Surface tablet will invariably have some appeal to a select crowd.


That’s just a taste and Microsoft said that it will be showing more of Windows 10 health capabilities moving forward.


The new OS also brings many broader functions, such as the return of the old Start menu, the new Edge browser, Cortana virtual assistant, and the usual suspects of upgraded apps for mail. Maps, music, photos, and OneDrive to back them up.


Much like its competitors Apple, IBM, Google and Oracle, Microsoft has been ramping up efforts particular to healthcare lately. Earlier this month, for instance, when it unwrapped the Cortana Analytics Suite, Microsoft also revealed that Dartmouth-Hitchcock is already using the tools in a personalized medicine pilot project.


Whether Windows 10 will enjoy the widespread adoption of XP or languish like Vista remains to be seen. But at this point – and with Microsoft's marketing machine stating that the company is gunning to upgrade 1 billion devices to Windows 10  the former appears more likely than the latter. 


What's your perspective? Just another Microsoft OS or a great reason to upgrade?

more...
Scoop.it!

A government key to unlock your encrypted messages has major problems and security experts are up in arms

A government key to unlock your encrypted messages has major problems and security experts are up in arms | IT Support and Hardware for Clinics | Scoop.it

Top computer scientists and security experts are warning that government proposals to gain special access to encrypted communications could result in significant dangers. 

A consortium of world-renowned security experts has penned a report detailing the harm that regulating encryption would cause, writes the New York Times


Hard encryption — which global authorities are now trying to combat — is a way to mathematically cipher digital communications and is widely considered the most secure way to communicate online to avoid external snooping. 


This follows news last week that British Prime Minister David Cameron made a proposal to ban encryption as a way to "ensure that terrorists do not have a safe space in which to communicate."  


Since then, experts have begun weighing in about the effect of such drastic measures. This includes well-known cryptographer Bruce Schneier, who told Business Insider that such a strong encryption ban would "destroy the internet."

The new report, which was released today, takes a similarly hard stance. "The complexity of today’s Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws," it writes. Not only that, but federal authorities have yet to explain exactly how they planned to gain "exceptional access" to private communications.


The report concludes, "The costs would be substantial, the damage to innovation severe, and the consequences to economic growth difficult to predict." In short, the experts believe that trying to put limitations on encrypted communications would create myriad problems for everyone involved. 


This sort of fissure between security experts and federal authorities isn’t new. In fact, a similar proposal was made by the Clinton Administration in 1997 that also took aim at hard cryptography. Back then, a group of experts — many of whom are authors on this new report — also wrote critically about the anti-encryption efforts.

In the end, the security experts prevailed. 


Now, it’s not so certain. FBI director James Comey has joined the ant-encryption brigade, saying that "there are many costs to [universal strong encryption.]"

He and the US deputy attorney general Sally Quillan Yates are scheduled to testify before Senate tomorrow to defend their views, the New York Times reports.

The question now is whether other federal officials will side with people like Comey and Cameron or the group of security experts. 

In the paper's words, creating such back-door access to encrypted communications "will open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend."

more...
No comment yet.
Scoop.it!

Microsoft Rolls Out The Latest Windows 10 Build To Its 5 Million Testers

Microsoft Rolls Out The Latest Windows 10 Build To Its 5 Million Testers | IT Support and Hardware for Clinics | Scoop.it

Late last week, Microsoft kicked out another Windows 10 build, numbered 10162, to the ‘fast ring’ of its testing community.

The larger Windows Insider program has two groups, fast and slow, allowing people to select how raw they want their code.


The build was rolled out to the larger group of testers today, those in the slow ring. Given that Windows 10 is now just 23 days out, it’s worth taking a moment to dig into what is being released.


The 10162 build, according to Microsoft’s Gabe Aul (see below), isn’t focused new features, but instead contains “bug fixing and final polish.” The company has released a number of builds in recent weeks that were of similar ilk, aimed at beating the operating system into shape, instead of expanding its capabilities.


The code was first pushed to the ‘fast ring’ of testers on the second of this month.

So, consider this to be a build akin to done, but not quite. That means that if you are currently testing Windows 10, regardless of what group you are in, you can now use Windows 10 in a nearly-normal capacity. How polished it is remains your own judgement.

Microsoft recently explained to the public how it will roll out Windows 10. The company intends to deploy the final build to its testing community on the 29th of this month. Following, in waves, other groups will be brought into the fold.


Earlier this morning, The Verge’s Tom Warren reported that Microsoft intends to RTM Windows 10 and distribute it to equipment manufactures (OEMs) later this week. That makes it not too surprising that the software company is working to get fresh code out into the hands of its community.


The long Windows 10 dance is nearly to its first conclusory benchmark. Microsoft has made noise for some time now that it will continue to update the code in perpetuity. But all races, even those that don’t end, have a day one.

    more...
    No comment yet.
    Scoop.it!

    Surveillance Software Firm Breached

    Surveillance Software Firm Breached | IT Support and Hardware for Clinics | Scoop.it

    Hacking Team, an Italian developer of "easy-to-use offensive technology" - including spywareand other surveillance software that it sells to police, law enforcement and intelligence agencies - appears to have been breached and large quantities of corporate information leaked.


    On July 5, hackers also appeared to have seized control of the Hacking Team's Twitter account,@hackingteam, after which they changed the company's logo and posted the following message: "Since we have nothing to hide, we're publishing all our e-mails, files, and source code."


    The message included links to a Torrent file that reportedly includes 400 GB of the aforementioned data, including the source code for its "Remote Control System," known as both DaVinci and Galileo. Hacking Team advertises that the software is able to intercept Skype and voice calls, as well as data stored on PCs. The leaked data reportedly also includes passwords for multiple Hacking Team employees and customers, as well as previously disclosed zero-day vulnerabilities.

    The Hacking Team data leak reportedly reveals that the company's customers have apparently ranged from the U.S. FBI and Drug Enforcement Agency to the governments of Sudan and the United Arab Emirates. Credit for the hack and data breach has reportedly been claimed by PhineasFisher, who has previously targeted vendors for allegedly selling surveillance software to repressive regimes. "Gamma and HT down, a few more to go :),"PhineasFisher said July 6 via Twitter.


    Threat intelligence firm iSight Partners says in a research note that it believes that the breach occurred, and that most or all of the leaked data is genuine, because "convincingly fabricating that much information is prohibitively time intensive." It also warns that the source code could soon become part of other hackers' toolsets. "Hacking Team's tools and techniques will likely begin to be incorporated in other malware and surveillance tools." Allegedly leaked Hacking Team code has already been added to the GitHub code-sharing repository.


    Hacking Team did not immediately respond to a request for comment about the breach, so the contents of those alleged customer lists could not be confirmed. Hacking Team senior system and security engineer Christian Pozzi, whose emails and personal passwords - including for multiple social media accounts - appear to have been included in the leak, says via Twitter on July 6: "We are currently working closely with the police at the moment. I can't comment about the recent breach."

    But the authenticity of that message is questionable, since Pozzi's Twitter account later posted a message suggesting that it too had been compromised by hackers: "We are closing down. Bye Saudi Arabia. You paid us well. Allahuhakbah." After those messages appeared, Pozzi's Twitter account appears to have been deleted in its entirety.

    The Company's Customers

    Numerous privacy rights groups say that the data leak provides a rare look into how governments spy on people at home and abroad. "Hacking Team is one of the most aggressive companies currently supplying governments with hacking tools," says Eric King, deputy director of civil rights group Privacy International. "[The] leak of materials reportedly shows how Hacking Team assisted some of the world's most repressive regimes - from Bahrain to Uzbekistan, Ethiopia to Sudan - to spy on their citizens.


    Hacking Team advertises its Galileo and DaVinci software as being "the hacking suite for governmental interception," noting that it can handle "up to hundreds of thousands of targets, all managed from a central place." Some of the software's capabilities have been previously described by Citizen Lab, a privacy project run by the University of Toronto, which says that the vendor's spyware can copy files from the hard drive of an infected PC, record Skype calls and emails, intercept passwords typed into Web browsers, as well as remotely activate webcams and microphones. To employ the spyware, however, government agencies must first sneak it onto targets' PCs, and Citizen Lab says that phishing attacks are likely the most-used technique for accomplishing this.


    Privacy researcher Christopher Soghoian, principal technologist at the American Civil Liberties Union, says via Twitter that according to the leaked information, Hacking Team's customer list "includes South Korea, Kazakhstan, Saudi Arabia, Oman, Lebanon, and Mongolia."


    Soghoian adds via Twitter that according to a leaked March 2013 invoice for the first half of a related payment, Hacking Team also completed a €260,000 ($290,000) deal with the government of Azerbaijan by selling "through a shadowy front company in Nevada" named Horizon Global Group.


    Citizen Lab had previously questioned whether Hacking Team was selling to governments that are widely viewed as being repressive. "We suspect that agencies of these twenty-one governments are current or former users of RCS: Azerbaijan, Colombia, Egypt, Ethiopia, Hungary, Italy, Kazakhstan, Korea, Malaysia, Mexico, Morocco, Nigeria, Oman, Panama, Poland, Saudi Arabia, Sudan, Thailand, Turkey, UAE, and Uzbekistan," it says in a 2014 report. "Nine of these countries receive the lowest ranking, 'authoritarian,' in The Economist's 2012 Democracy Index. Additionally, two current users - Egypt and Turkey - have brutally repressed recent protest movements."


    The company's customer list had also earned it a place on the "Enemies of the Internet" list maintained by civil rights group Reporters Without Borders.


    The Hacking Team's alleged "maintenance agreement" tracker has been published to text-sharing website Pastebin; it says that the company's customers also include the U.S. Drug Enforcement Agency - as news outlet Vice first reported in April - and government agencies across the EU, including the Czech Republic, Hungary, Luxembourg, Poland and Spain. The FBI, meanwhile, is listed in that maintenance agreement as having an "active maintenance contract" with Hacking Team through June 30, 2015, while both Russia and Sudan are listed as being "not officially supported." Again, however, the authenticity of that information could not be confirmed, and it's possible that whoever leaked the files altered, added or fabricated the information.

    The FBI did not immediately respond to Information Security Media Group's inquiry about whether the bureau is, or has been, a Hacking Team customer.

    Hacker Targets

    Cryptography expert Matthew Green, a Johns Hopkins University professor, says that more than any other type of company except bitcoin exchanges, surveillance software vendors should expect to face serious and sustained hacks. Thus, they should harden their defenses accordingly, but few seem to do so, he says.


    Indeed, Hacking Team is not the first surveillance software vendor to have been hacked. In August 2014, Gamma Group - the creator of FinFisher malware, which it spun off as a separate company in 2013 - was also breached by PhineasFisher, who announced via Reddit that a 40GB data dump leaked to BitTorrent included internal documents, as well as price lists and support queries.

    more...
    No comment yet.
    Scoop.it!

    FBI Alert: $18 Million in Ransomware Losses

    FBI Alert: $18 Million in Ransomware Losses | IT Support and Hardware for Clinics | Scoop.it

    In the past year, U.S. businesses and consumers have experienced more than $18 million in losses stemming from a single strain of ransomware called CryptoWall, according to the Internet Crime Complaint Center.


    In total, IC3 - a collaboration between the FBI and the National White Collar Crime Center - says it received 992 CryptoWall-related complaints from April 2014 to June 2015. And it says the reported losses relate not just to ransom payments potentially made by victims, but additional costs that can include "network mitigation, network countermeasures, loss of productivity, legal fees, IT services and/or the purchase of credit monitoring services for employees or customers."

    The quantity of ransomware attacks continues to escalate, security experts say, because it offers criminals the potential for high rewards with little risk (see Crime: Why So Much Is Cyber-Enabled). Indeed, ransomware attacks can be launched en masse by remote attackers and are relatively cheap and easy to perpetrate. Even the process of collecting payments from victims - often payable in bitcoins - and providing decryption keys can be automated.

    "In most cases, once the victim pays a ransom fee, he or she regains access to the files that were encrypted," IC3 reports. "Most criminals involved in ransomware schemes demand payment in Bitcoin. Criminals prefer Bitcoin because it's easy to use, fast, publicly available, decentralized and provides a sense of heightened security/anonymity."

    Because ransomware can rely so heavily on social engineering - tricking - victims into executing related malware or falling for ransom scams, many security experts have urged businesses to continually educate their employees and customers about ways to spot such attacks and defend themselves.

    Click-Fraud Attack Spike


    Earlier this month, security firm Symantec warned that it had seen a spike in attacks that began with the year-old Poweliks Trojan, which was designed to perpetrate click fraud, and which also downloaded CryptoWall onto an infected system. Click fraud refers to infecting systems with malware that is used to make "bogus requests" for online advertising, without the malware revealing its presence to the user of the infected system.

    Using a single piece of malware - or "dropper" - to infect a system and then download and install many other types of malware onto the same system is not a new attack technique.

    For example, authorities have accused the gang behind Gameover Zeus of first using that Trojan to harvest bank credentials, and then infecting systems with Cryptolocker ransomware. The U.S. Department of Justice believes that the Gameover Zeus gang is responsible for more than $100 million in losses via the banking Trojan, and netted $27 million in ransom payments in just the first two months they began using Cryptolocker.

    Attacks Get Modular


    But attackers have been retooling their malware to make it easier to rapidly infect PCs with multiple types of malware. Security firm Trend Micro warned in 2013 that the aging Asprox botnet, which was first discovered in 2007, had re-emerged "with a new and improved modular framework," and been rebranded as Kuluoz malware, which was a dropper designed to download additional malware onto infected PCs.

    By December 2014, the Level 42 threat-intelligence research group at security vendor Palo Alto Networks reported seeing a spike in Asprox-related attack activity. "This malware sends copies of itself over email quickly and to users all around the world and then attempts to download additional malware," it said. The researchers noted that of the 4,000 organizations that it was monitoring, the malware had been tied to "approximately 80 percent of all attack sessions" seen in October and had attempted to infect nearly half of all those organizations.

    Also in December, the Association of National Advertisers warned that U.S. businesses were losing about $6.3 billion annually to click fraud. The same month, a study conducted for the ANA by the security firm White Ops found that botnets were responsible for "viewing" 11 percent of all online advertisement, and 23 percent of all online video advertisements.

    Asprox Botnet Serves CryptoWall


    But click-fraud malware attacks are increasingly blended with other types of malware as attackers attempt to monetize infected PCs as much - and as rapidly - as possible.

    In a recent series of attacks, Asprox malware - now typically distributed via phishing attacks - "phoned home" to the Asprox command-and-control server after it infected a PC, and received back the Zemot dropper malware, according to a new report released by the security firm Damballa. The dropper then downloaded the Rovnix rootkit, as well as Rerdom, which is a click-fraud installer.

    Damballa says that it has also seen Zemot get installed via crimeware toolkit exploits, which can exploit systems using known vulnerabilities, for example if attackers compromise otherwise legitimate websites and use them to launch drive-by attacks.

    Inside enterprises, "click fraud is generally viewed as a low-priority risk," Damballa says. "In reality, click fraud is often a precursor to something more sinister. A device infected with click-fraud [malware] may leave the enterprise susceptible to dangerous downstream infections."

    Indeed, Damballa reports that tests of Asprox-infected machines found that over the course of two hours, a single PC was infected with three different types of click-fraud malware, as well as the CryptoWall ransomware. Even after CryptoWall encrypted much of the infected PC's hard drive, furthermore, the click-fraud malware continued to operate, so long as the machine remained Internet-connected.

    more...
    No comment yet.
    Scoop.it!

    Latest Windows 10 Mobile preview offers more features and bugs

    Latest Windows 10 Mobile preview offers more features and bugs | IT Support and Hardware for Clinics | Scoop.it

    Microsoft has released a new Windows 10 Mobile preview build that adds new features, fixes previous glitches but adds some new bugs of its own.


    Rolled out on Thursday, Windows 10 Mobile Build 10149 is the latest preview edition for Windows Insiders. To elicit feedback from the user population, Microsoft has been regularly rolling out new previews, or builds, of Windows 10 for desktop and mobile devices. The Windows Insider program allows people to freely install and test each edition and offer their comments, questions and criticisms to Microsoft with the aim of improving Windows 10.


    Microsoft has a lot riding on Windows 10, and at this point, the company has a little over a month before the official version launches on July 29. Windows 10 has at least a couple of goals to meet. It has to provide enough of a punch to erase the bad memory of Windows 8. And it has to appeal to PC users and mobile users alike. The phone side is especially critical as Microsoft's share of the smartphone market has been relatively flat at around 4 percent as it's been trounced by Apple and Android. Windows 10 Mobile needs to offer the appeal necessary to start bumping up that market share.


    On the plus side, Microsoft has given itself more breathing room with Windows 10 Mobile. Windows 10 for PCs and tablets will roll out July 29. But the mobile edition won't be seen broadly until later this year, Gabe Aul, head of Microsoft's Windows Insider program, said in a blog posted earlier this month.


    "We've received questions on the final release date for Windows 10 Mobile," Aul said. "While we're making good progress, we need more time to deliver the optimal experience for mobile devices and you can expect Windows 10 Mobile to release broadly later this year."


    So, what are some of the new features in the Windows 10 Mobile preview? In a blog posted on Thursday, Aul described what's new.

    Designed as a simpler, faster alternative to the aging Internet Explorer, Microsoft's new Edge browser is now officially known as Edge, rather than by its older tag of Spartan. In this build, Edge displays the address bar at the bottom, a change based on feedback from Windows testers, according to Aul. There's also an option to view websites in either mobile view or desktop view.


    Microsoft has also tidied up the overall look of Windows 10 Mobile. In previous builds, many Live tiles pinned to the Start screen would appear blurry. Now the screen is clearer and crisper. Certain controls, such as the volume control, have new icons. Aul also touted the latest build as "more responsive to use." He conceded that more work has to be done but was happy about the progress made in this build.


    The Cortana voice assistant sports a few improvements, especially in its Notebook, an area used to store settings and other user information. Using the Notebook, you can now set up Quiet Hours, a feature that sends any incoming phone calls to voicemail so as not to disturb you. You can also now tell Cortana to send an email in one fell swoop by including the name of the recipient, the subject and your message in one single voice command.


    Another request made by Windows Insiders was to add a virtual flashlight feature to Windows 10's Action Center. And Microsoft has complied with that request in the latest build, letting you turn your phone into a flashlight. The Photos app has been updated to be more reliable and also now supports animated GIFs. And you can now automatically upload your camera roll photos directly to your OneDrive online storage.


    The latest build also contains several fixes, including ones for text notifications, the Podcast app and the navigation bar. But the build also introduces several new bugs.


    In some cases, the install button doesn't respond if the battery isn't fully charged. Some users may bump into an error trying to upgrade from Build 10136, an issue that Microsoft is striving to fix. Sometimes the PIN keyboard doesn't appear after you swipe the screen to unlock it. In rare occasions, entering your PIN fails to unlock the screen. A Gmail account set up on the phone may prevent incoming and outgoing messages in the Messaging app, an issue that can only be resolved with a reboot.


    Further, in-app purchases of Windows Store apps and games don't work on Windows 10 Mobile just yet. In some cases, the colors of certain apps may appear off kilter. And sometimes the notifications in the Action Center are blank.


    To be fair, the latest 10149 build was released on what Microsoft calls the Fast Ring. The Windows 10 Technical Preview has been available to users in both a Slow Ring and a Fast Ring. The Slow Ring builds come out at a slower pace but are generally more stable. The Fast Rings naturally come out at a faster pace but are generally more buggy. So it's natural that the latest Fast Ring will have its share of bugs.


    Based on this latest build, Aul seemed confident about the state of Windows 10 Mobile. "We've been using this build internally for a few days and have really loved it." Aul said. "It is faster, more stable, and more polished overall and has been lots of fun for us to see come together."

    more...
    No comment yet.
    Scoop.it!

    This startup just raised $500 million from investors like Coca-Cola and Virgin to build a network of internet satellites

    This startup just raised $500 million from investors like Coca-Cola and Virgin to build a network of internet satellites | IT Support and Hardware for Clinics | Scoop.it

    A startup trying to bring internet access to even the most remote of places on Earth just raised a whopping $500 million from investors including Coca-Cola, Virgin Group, Airbus, and others.

    OneWeb, which is a London-based company working to build a satellite network for global broadband connectivity, confirmed the gigantic Series A funding raise in a blog post Thursday.

    OneWeb, in its press release, says that its purpose is to "develop key technologies to enable affordable broadband for rural and underdeveloped locations." 


    The company added that it now plans to building a total of 900 "microsatellites" as part of a joint project with Airbus Defense and Space. It has also acquired 65 commercial rockets (the "largest commercial rocket acquisition") from both the French company Arianespace and Virgin Galactic. 

    OneWeb isn’t the only project out there looking into global internet access. Google’s Project Loon, for instance, has been working to build a network connected by giant drifting balloons.

    Facebook has also been looking into a similar project with Internet.org, although its been met with dissent due due to concerns with its lack of net neutrality. 


    Elon Musk too has reportedly been looking into a global satellite internet project.

    But now there's a third company hoping to bridge the connectivity gap and it has half a billion dollars to play around with.

    OneWeb says that the plan is to formally launch its network by 2019.

    more...
    No comment yet.
    Scoop.it!

    People are freaking out about a new rule that would stop website owners from hiding their personal information

    People are freaking out about a new rule that would stop website owners from hiding their personal information | IT Support and Hardware for Clinics | Scoop.it

    New rules are being proposed about how to register online domains, and privacy advocates are worried.

    Currently, when someone registers a website they are offered the choice of using a proxy registration service. These services act as middlemen so that people’s personal contact details aren’t readily available to the public.

    But the International Corporation for Assigned Names and Numbers (ICANN), which overseas the bureaucratic process of naming online domains, is in the process of proposing new rules. One such proposed rule would make commercial websites not eligible to use proxy registration services. 


    This means that people registering websites for non-personal purposes would have to disclose their name, address, and phone number, which could be easily searchable by anyone.  


    Privacy advocates are none too thrilled about this. This amendment, wrote the Electronic Frontier Foundation in a new blog post, means that website owner could "suffer a higher risk of harassment, intimidation and identity theft."

    The question at hand is: What is considered commercial? While it’s easy to differentiate between huge commercial websites and small personal pages, in some areas it’s not so clear-cut. For instance, if a smaller website is taking ad revenue does that necessarily make it commercial? Even if it’s just one person posting their own posts?

    more...
    No comment yet.
    Scoop.it!

    Lenovo's Ideacenter Stick 300 Is a Windows PC on a Stick for $140

    Lenovo's Ideacenter Stick 300 Is a Windows PC on a Stick for $140 | IT Support and Hardware for Clinics | Scoop.it

    The computer-on-a-stick is not a newnor always terribly successful—idea. But that hasn’t stopped Lenovo, which has announced its own stab at the concept: the Ideacenter Stick 300.

    The new device comes in several spec levels, featuring an Intel Baytrail CPU, up to 2GB of RAM, up to 32GB of storage, Wi-Fi 802.11 b/g/n, Bluetooth 4.0, and SD card reader, HDMI out and a single Micro USB port. It will run Windows 8.1 out of the box, but will also receive a free upgrade to Windows 10 when the OS launches.

    In its cheapest guise, the stick will cost $140 though availability is yet to be announced. We wonder if the device can overcome some of the fundamental problems that make the (very similar) Intel offering, the Compute Stick, a massive flop. We sure hope so.

    more...
    No comment yet.