
The number of businesses hit by the data-stealing Backoff malware may be substantially higher than the 1,000 or so companies estimated by federal officials, according to security vendor Kaspersky Lab.

Researchers at Kaspersky managed to intercept traffic between systems infected by Backoff and two servers used by hackers to control the malware.

In the span of just a few days, the researchers discovered more than 100 systems from 85 distinct IP addresses attempting to connect to the two malicious command-and-control servers. Of that number, 69 of the infected systems were in the U.S. and 28 were in Canada.

The researchers also spied communications from a smattering of infected systems in other countries, including the United Kingdom and Israel.

Among those with infected systems were a global freight shipping and transportation company based in North America; a North American payroll association; a U.S.-based liquor store chain; and a U.S.-based Mexican food chain, Kaspersky said.

Most of the systems appear to have been compromised months ago, given that they were infected with a Backoff variant from October 2013, said Roel Schouwenberg, a senior security researcher at Kaspersky. “Looking at the bigger picture here, these companies were infected for a very long time — maybe even half a year or longer,” he said.

Though they should have detected and blocked any malicious activity related to the malware, none of the companies appears to have even known they were infected, he said.

The malicious servers Kaspersky intercepted represent less than 5% of the command-and-control channels used to operate Backoff-infected systems worldwide. The fact that even that small sample turned up more than 85 victims suggests that the number of infections in North America is well over 1,000, Schouwenberg noted.

Backoff is a Trojan program designed specifically to steal credit and debit card data from point-of-sale (POS) systems. It was released last October, but remained undetected by anti-virus and other anti-malware tools until it was publicly identified this summer.

The tool has been linked to data thefts at a number of retailers. It is sometimes conflated with the malware behind the massive Target breach and the Neiman Marcus breach, but those intrusions were attributed to different POS malware families (Target's to BlackPOS), not to Backoff.

The U.S. Department of Homeland Security and U.S. Secret Service have so far issued two bulletins about Backoff warning retailers of the severity of the threat. The two agencies have said the malware has infected at least 1,000 U.S. businesses.

The Payment Card Industry Security Standards Council, which oversees the PCI security standard, issued an urgent bulletin this past week urging retailers to review security controls and take additional protective measures, such as end-to-end encryption to protect against the malware.

Backoff is not an especially sophisticated tool, said Schouwenberg. Even current versions are not any more advanced than versions of the malware when it was first released. But the fact that it still managed to infect so many systems highlights the weak security measures companies have deployed for POS operations, he said.

Even if anti-malware tools did not detect Backoff, companies should have still been able to spot malicious activity from it. For example, the companies should have spotted the massive transfers of stolen data taking place from within their networks, Schouwenberg said.

“Why does a POS terminal in Alabama need to connect to a server based in Russia?” he asked. “There’s just a whole number of things to show defenses are not up to par.”
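Schouwenberg's two points, a POS terminal talking to a destination it has no business with, and an unusual outbound volume from a card-handling host, are exactly the kind of thing a simple egress check catches without any malware signature. The following is an added example written for this page, not Kaspersky's or any vendor's detection logic. It assumes a POS segment of 10.20.5.0/24 whose terminals should only ever reach a payment gateway at 10.20.1.5, a byte threshold of 1,000,000 per host, and a constructed flow-log format (timestamp, source, destination, port, bytes sent); all of those are assumptions, and the log lines are made up.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (timestamp src dst port bytes_sent).
# Made-up values for illustration; not real Backoff traffic.
SAMPLE_FLOWS = """\
2014-08-28T10:01:02Z 10.20.5.11 10.20.1.5 443 2310
2014-08-28T10:01:09Z 10.20.5.11 10.20.1.5 443 1980
2014-08-28T10:02:14Z 10.20.5.12 203.0.113.45 443 524288
2014-08-28T10:03:40Z 10.20.5.12 203.0.113.45 443 1048576
2014-08-28T10:05:01Z 10.20.5.13 10.20.1.5 443 2048
2014-08-28T10:07:22Z 10.20.5.14 198.51.100.7 80 900
"""

# Assumed network policy: POS terminals live in 10.20.5.0/24 and may only
# talk to the payment gateway. Tune these to the real environment.
POS_SEGMENT = ipaddress.ip_network("10.20.5.0/24")
ALLOWED_DESTINATIONS = {ipaddress.ip_address("10.20.1.5")}
BYTES_THRESHOLD = 1_000_000  # assumed per-host outbound budget for the window


def parse_flows(text):
    """Parse one flow record per line into dicts; blank lines are skipped."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, nbytes = line.split()
        flows.append({
            "ts": ts,
            "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst),
            "port": int(port),
            "bytes": int(nbytes),
        })
    return flows


def find_suspicious(flows, pos_segment=POS_SEGMENT,
                    allowed=ALLOWED_DESTINATIONS, threshold=BYTES_THRESHOLD):
    """Return {source_ip: [reasons]} for POS hosts that break policy.

    Rule 1: a POS host connects to any destination not on the allowlist
            (the "terminal in Alabama talking to Russia" case; a GeoIP
            lookup would refine this but is out of scope here).
    Rule 2: a POS host's total outbound bytes exceed the threshold
            (bulk exfiltration of harvested card data).
    """
    findings = defaultdict(set)
    sent = defaultdict(int)
    for f in flows:
        if f["src"] not in pos_segment:
            continue  # only card-handling hosts are in scope
        sent[f["src"]] += f["bytes"]
        if f["dst"] not in allowed:
            findings[f["src"]].add(
                f"unexpected destination {f['dst']}:{f['port']}")
    for src, total in sent.items():
        if total > threshold:
            findings[src].add(
                f"outbound volume {total} bytes exceeds {threshold}")
    return {str(src): sorted(reasons) for src, reasons in findings.items()}


if __name__ == "__main__":
    for host, reasons in sorted(find_suspicious(parse_flows(SAMPLE_FLOWS)).items()):
        print(host)
        for reason in reasons:
            print("  -", reason)
```

In the constructed sample, 10.20.5.12 trips both rules (an unsanctioned destination and roughly 1.5 MB sent) and 10.20.5.14 trips the destination rule alone; the two hosts that only talk to the gateway produce no findings. The same logic applies to any flow source (firewall logs, NetFlow, proxy logs); the point is that a strict egress allowlist for POS hosts turns an unknown malware family into an obvious policy violation.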


App Store rejections may not be the hot-button issue they were a few years ago, but for developers they remain a chief area of concern. To give app makers a little clarity and direction, Apple has published a new page on its Developer site that outlines some of the most common reasons an app gets rejected from the App Store.

According to the new page, which AppFigures linked to on Twitter, the most common reasons for rejection include issues with crashes and bugs, dead in-app links, and placeholder content that hasn’t been removed. Apple will also reject apps because of low-quality user interfaces, and apps that don’t match their description are also non-starters.

In addition, apps should offer some “lasting value,” according to Apple. Apps that are nothing more than a wrapper for a website or have little to offer users may also be rejected.

The new page also lists the ten most common reasons for rejection over a seven-day period, which should give prospective developers a clearer idea of what to do, and what not to do. According to the page, the top ten reasons accounted for 58 percent of app rejections between August 21 and 28; all other reasons together accounted for the remaining 42 percent.

Apple has taken numerous steps in recent months to become a more open, more transparent company, and this looks to be the latest step in the process. Although Apple published the full App Store guidelines a few years back, this new page is more accessible to the masses, and publishing such an overview four or five years ago may have saved Apple some grief.


Chinese authorities have issued a 20-day deadline for Microsoft to explain “compatibility problems” with its Windows and Office software, after previously warning the company not to obstruct an anti-monopoly investigation.

China’s State Administration for Industry and Commerce (SAIC) posted an online notice Monday demanding that Microsoft offer a written explanation within the allotted time. The antitrust regulator has been investigating the company on industry complaints that Microsoft software has “not been fully open,” resulting in compatibility and bundling issues with the products.

The notice was issued a week after SAIC claimed that Microsoft had not been fully transparent in its investigation. The regulator has been questioning Microsoft officials and in July conducted several raids of company offices in China to obtain information on contracts, financial statements, and internal emails.

The Chinese regulator has yet to fully elaborate on the investigation’s specifics. Windows is the country’s dominant PC operating system, but for years Microsoft has been fighting piracy in China, including by filing lawsuits against alleged offenders.

A Chinese procurement center banned certain purchases of Windows 8 devices in May, with state-controlled media claiming the action was related to security concerns with the software.

China is also investigating other foreign companies on anti-monopoly charges. Among them is Qualcomm, which has allegedly been overcharging clients to use its patents.

Microsoft did not immediately respond to a request for comment. But last week, the company said it was serious about complying with Chinese laws and committed to addressing SAIC’s questions.


Smartwatches will be in the spotlight at the IFA trade show in Berlin, with LG, Motorola, Samsung and Sony all keen to demonstrate their new products are what consumers want.

Samsung Electronics and LG Electronics announced their upcoming smartwatches, the Gear S and G Watch R, last week in advance of the show.

Samsung’s Gear S is a 3G smartwatch that doesn’t need a smartphone to function. It’s powered by an unspecified dual-core 1GHz processor and has a curved 2-inch Super AMOLED screen with a 480 by 360 pixel resolution.

After using Android Wear on the Gear Live, Samsung is back to using the Tizen operating system on its latest model. Getting developers to customize apps for smartwatches will be a challenge for any company, particularly Samsung since Tizen doesn’t have the fan base that Android and iOS have.

To help make up for the lack of apps, Samsung has teamed up with Nike on a running app and Nokia for maps.

The Gear S also has 4GB of integrated storage, 512MB of RAM and a 300mAh lithium-ion battery that lasts two days with typical use, according to Samsung. Pricing hasn’t been announced, but the Gear S will start shipping worldwide in October.

Samsung has now announced five smartwatches in 12 months — the first model, the Galaxy Gear, was launched at IFA last year. The company’s aim is clearly to consolidate its leading market position in smartwatches, particularly given relentless rumors about Apple’s possible entry into the wearables market, research company CCS Insight wrote in its IFA preview.

The tactic is similar to what Samsung has done in the past — try out a number of different ideas and see what sticks. Given this approach, it’s somewhat surprising the company hasn’t put out a smartwatch with a round face, which LG and Motorola Mobility are expected to do soon.

Motorola’s round Moto 360 has been a long time coming. It was announced along with Android Wear in March and will finally be introduced this week. Motorola has promised the smartwatch would ship in the summer and since it’s already September the company has to deliver in the next few weeks to fulfill that pledge.

The Moto 360 is also a good looking device and is expected to have a 1.5-inch screen, be water and dust resistant, and have an integrated heart-rate monitor.

It will compete with LG’s Android Wear-based G Watch R, which has a 1.3-inch screen and is powered by a 1.2GHz Snapdragon 400 processor. It has 4GB of integrated storage, 512MB of RAM and a 410mAh battery. It too has a heart-rate monitor and is water and dust resistant.

LG has provided a handful of images of the device, which looks more like a traditional watch, as opposed to the G Watch’s rather bland design. The company seems intent on showing that the R is just that: an attractive wristwatch, because none of the images show the Android Wear interface.

LG and Motorola still haven’t provided any details on what their smartwatches will cost. But the Moto 360 is rumored to have a US$250 price tag. The G Watch R will become available in the beginning of the fourth quarter. There is no official ship date for the Moto 360.

Sony is also expected to launch a new smartwatch at IFA. The company is a veteran in the field, so far using its own version of Android. But given Android Wear’s strong momentum, it’s likely that Sony will use the Google platform on the new device, according to CCS Insight.

The smartwatch sector is still in its infancy, with products that have a lot of room for improvement. For example, tremendous advances across the entire component ecosystem are needed to achieve multiple days of battery life, according to Daniel Matte, an analyst at Canalys.

Wearable sales are still dominated by armbands from vendors such as Fitbit and Jawbone, which have more than a two-thirds market share.

Overall sales grew by 684 percent during the first half of the year to 6.2 million units, according to Canalys. To put that number in some perspective, about 6.3 million smartphones were sold every two days during the first six months of 2014.


Chinese antitrust regulators today ordered Microsoft to explain compatibility and bundling issues with its software and gave the U.S. company 20 days to comply.

The brief announcement on the website of China’s State Administration for Industry and Commerce (SAIC) (Chinese language version) was the latest move in the government’s antitrust investigation of Microsoft, which faces an unknown number of charges.

Microsoft must reply to the SAIC’s demands in writing, the agency said.

In a translation by the Wall Street Journal (subscription required), which reported on the SAIC’s newest demands, the agency said Microsoft must explain “problems like incompatibility and other issues caused by a lack of released information about its Windows and Office software.”

The demand was made during a meeting Monday with David Chen, Microsoft’s general manager for legal and corporate affairs in China.

The latest from the SAIC was another in a steady drumbeat of allegations the government has leveled at Microsoft. In July, antitrust regulators and police raided several Microsoft offices, seizing computers and documents in a first step of an investigation. The probe was prompted by complaints lodged since July 2013 about how Windows and Microsoft Office are bundled, about Windows-Office compatibility and about other unnamed concerns.

Since then, officials have warned Microsoft that it must cooperate and then last week claimed that the company has not complied with the investigation even as it demanded more information about distribution of the Windows Media Player and the Internet Explorer (IE) browser.

Microsoft has repeatedly pledged to comply with government requests and cooperate with the probe. “We’re serious about complying with China’s laws and committed to addressing SAIC’s questions and concerns,” a company spokesperson said in early August.

The SAIC, however, has released little information about the investigation, and Microsoft has been just as tight-lipped.

Chinese authorities have long been at odds with Microsoft, but the disputes ramped up significantly this spring when officials banned the use of Windows 8 on government computers and criticized the company for stopping security updates to the 13-year-old Windows XP.

Some analysts believed that the Windows 8 ban was a tit-for-tat response to the U.S. Department of Justice’s allegations against five Chinese hackers with links to the People’s Liberation Army (PLA), China’s military. In May, the DOJ accused the five of breaking into numerous U.S. companies’ networks and stealing trade secrets and intellectual property.

Other experts, however, tied the probe to the dominance of Windows on China’s personal computers, a fact that has gnawed at the government, which has tried for years to replace foreign-made software and operating systems with domestic substitutes. According to Irish metrics company StatCounter, Windows accounted for 97% of China’s operating system “usage share,” a measurement of which OSes online users run on their personal computers. About 39% of all Windows-powered PCs in the country still ran Windows XP in August; a majority of 54% ran Windows 7.

Last week, the head of an operating system development alliance created in March announced that a homegrown OS could launch as early as October.

Not surprisingly, both the government-run Xinhua News Agency and the People’s Daily, the Communist Party’s official newspaper, reported on the Monday demands made of Microsoft. Xinhua also said that “initial results [of the investigation] will be promptly announced to the public.”


A funny thing happened on the Internet Sunday as a cache of nude photos of Kate Upton, Jennifer Lawrence, and other big-name stars made its way onto 4chan, as BuzzFeed notes. Reports indicate that this leak may have been the result of a hacker (or hackers) taking advantage of a flaw in Apple’s iCloud service.

According to TheNextWeb, a hacker may have used a Python script posted to GitHub to hack their way into celebrities’ iCloud accounts. The script, TheNextWeb reports, uses a flaw in Find My iPhone to make it easier to crack a password using “brute force” means where hackers use a piece of software to repeatedly guess a password.

The Find My iPhone login endpoint reportedly was not covered by the “lockout” mechanism that normally stops a password from being guessed repeatedly. It also bypassed iCloud’s security notification feature, TheNextWeb notes, so users apparently had no idea that their accounts were under attack or compromised.

The motivation for the attack seems to be financial in nature: BuzzFeed reports that the hacker posted the photos to 4chan “in an attempt to earn bitcoins.”

TheNextWeb says that it appears that Apple has corrected the flaw, but as of this writing, Apple has yet to comment on the matter.
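The failure mode described above is a general one: a primary sign-in endpoint enforces a lockout and sends notifications, while a secondary endpoint that accepts the same credentials does neither, so an attacker simply guesses against the unprotected one. The following is an added illustration written for this page; it is not code from the page, from Apple, or from the GitHub script mentioned. It uses a constructed in-memory account store with a deliberately weak password and a five-word guess list, a toy SHA-256 hash in place of a proper slow password KDF, and an assumed lockout threshold of three failures, all so that the difference between the two endpoints is visible in a few calls.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Toy hash for the demo only; a real service uses a slow KDF (bcrypt, scrypt,
# Argon2). Account and password are constructed, not real credentials.
def _hash(password):
    return hashlib.sha256(password.encode()).hexdigest()

ACCOUNTS = {"alice@example.com": _hash("Summer2014")}
WORDLIST = ["password", "123456", "iloveyou", "Summer2014", "letmein"]


@dataclass
class Gatekeeper:
    """Per-account failed-attempt counter, lockout and notification log."""
    max_failures: int = 5
    failures: dict = field(default_factory=dict)
    locked: set = field(default_factory=set)
    notifications: list = field(default_factory=list)

    def is_open(self, user):
        return user not in self.locked

    def record_failure(self, user):
        n = self.failures.get(user, 0) + 1
        self.failures[user] = n
        if n >= self.max_failures:
            self.locked.add(user)
            self.notifications.append(
                f"{user}: account locked after {n} failed sign-ins")

    def record_success(self, user):
        self.failures.pop(user, None)


def verify(user, password):
    """Constant-time comparison against the stored hash."""
    stored = ACCOUNTS.get(user)
    return stored is not None and hmac.compare_digest(stored, _hash(password))


def login_unprotected(user, password, gate):
    """The weak pattern: a secondary endpoint that checks the password
    but never consults the shared Gatekeeper."""
    return "ok" if verify(user, password) else "bad"


def login_protected(user, password, gate):
    """The hardened pattern: every endpoint that accepts the credential
    goes through the same lockout and notification path."""
    if not gate.is_open(user):
        return "locked"
    if verify(user, password):
        gate.record_success(user)
        return "ok"
    gate.record_failure(user)
    return "bad"


def guess_until_stopped(login_fn, user, gate, wordlist=WORDLIST):
    """Try each candidate against one endpoint; return (attempts, outcome)."""
    for attempt, guess in enumerate(wordlist, start=1):
        result = login_fn(user, guess, gate)
        if result in ("ok", "locked"):
            return attempt, result
    return len(wordlist), "exhausted"


if __name__ == "__main__":
    user = "alice@example.com"
    weak = Gatekeeper(max_failures=3)
    print("unprotected endpoint:", guess_until_stopped(login_unprotected, user, weak))
    print("notifications sent:", weak.notifications)
    strong = Gatekeeper(max_failures=3)
    print("protected endpoint:  ", guess_until_stopped(login_protected, user, strong))
    print("notifications sent:", strong.notifications)
```

Against the unprotected endpoint the correct password is found on the fourth guess and the owner is never told; against the protected one the account locks after three failures, the fourth (correct) guess is refused, and a notification is recorded. Two caveats for real deployments: a per-account lockout on its own lets an attacker lock legitimate users out, so it is normally paired with per-source rate limiting and a temporary rather than permanent lock, and the audit that matters is the one that confirms every credential-accepting path, including mobile and legacy APIs, shares the same Gatekeeper.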


Apple plans to enable its next iPhone to become a mobile wallet by allowing owners to securely make mobile payments in a store with the touch of a finger, Bloomberg said on Sunday, citing a person familiar with the situation.
The agreement includes participation by Visa, MasterCard and American Express and will be announced September 9 along with unveiling of the next iPhone, according to the source, who Bloomberg said asked not to be identified because the talks are private.

The new iPhone will simplify mobile payment by including a near-field communications (NFC) chip, along with a fingerprint recognition reader that debuted on the iPhone 5s (Pictures), the source said.

It’s not clear at this point if the mobile wallet functionality will be limited to certain geographies at launch.

As the report notes, Apple will not be the first company to integrate a mobile wallet (Google already has one), but its move is likely to have the most impact considering the market share Apple’s phones enjoy in the key market of the United States.

“Love it or hate it, Apple drives a lot of standards in the industry,” Bajarin told Bloomberg. “They are the mover in these markets. When they do something, the industry seems to follow.”

The move will create increased brand loyalty and keep people within Apple’s ecosystem.

“It’s about retention, solving and adding features that keep your base engaged and keeping them loyal,” Bajarin said.

Apple is believed to have the largest collection of credit cards on record for any company, with over 800 million iTunes account holders who presently enjoy a seamless purchase experience for digital goods like apps, movies, music, and ebooks.

With NFC integration in the upcoming iPhone 6 models and tie-up with the likes of Visa, MasterCard, and American Express, Apple will aim to move this speed and convenience of paying from the digital to the real world.


The United States has launched a social media offensive against the Islamic State and Al-Qaeda, setting out to win the war of ideas by ridiculing the militants with a mixture of blunt language and sarcasm.
Diplomats and experts are the first to admit that the digital blitz being waged on Twitter, Facebook and YouTube will never be a panacea to combat the jihadists.

But US officials see social media as an increasingly crucial battlefield as they aim to turn young minds in the Muslim world against groups like IS and Al-Qaeda.

For the past 18 months, US officials have targeted dozens of social network accounts linked to Islamic radicals, posting comments, photos and videos and often engaging in tit-for-tat exchanges with those who challenge America.

At the US State Department, employees at the Center for Strategic Counterterrorism Communications (CSCC), created in 2011, manage an Arabic-language Twitter account set up in 2012, an English-language equivalent and a Facebook page, launched this week.

‘Many skirmishes, few battles’
A senior US State Department official described the strategy as a kind of cyber guerilla campaign.

“It is not a panacea, it is not a silver bullet,” the official explained. “People exaggerate, people think this is worthless or they think it a magic thing that will make the extremists surrender. It is neither one of those. It is slow, steady, daily engagement pushing back on a daily basis.

“It is a war of thousands of skirmishes, but no big battles. America likes big battles, but it is not that; it is like guerilla warfare,” said the official.

The murder of US journalist James Foley, whose execution by Islamic State militants on August 19 was released in a video on the Internet, jolted the new breed of US cyber-warriors into a frenzy.

Since Foley’s murder, the CSCC has ramped up its Twitter campaign, posting tributes to the slain reporter, opinion pieces and analyses on radical Islam from across the international media, along with cartoons and graphic photos.

The State Department last week tweeted about the death in Syria of Islamic State members, one of whom, Abu Moussa, had recently declared that the group would one day “raise the flag of Allah in the White House.”

Another tweet congratulated militant Yazidis who claimed to have killed 22 Islamic State fighters in Iraq.

Another post was more in keeping with the sober diplomatic tone Washington is used to, a photo-montage showing Syria’s leader Bashar Al-Assad alongside Islamic State leader Abu Bakr al-Baghdadi in front of a city in ruins.

“Baghdadi and Assad in a race to destroy Syria – don’t make it worse,” reads a message.

Historic parallels
The US-managed Twitter accounts are also not squeamish about reproducing images distributed by jihadists depicting mass executions, drawing historic parallels between Islamic State militants and the Nazis.

One post showed armed Islamic State fighters standing over a ditch filled with executed people, alongside another almost identical image of Nazis killing people in similar circumstances.

“Then & Now: Nazis – like ISIS – murdered out of intolerance, hatred, zeal,” read a comment alongside the two images.

Satire is also used to undermine militants, with one re-tweeted cartoon referring to the “ISIS bucket challenge” featuring a participant named as “the civilized world” being drenched by a bucket of blood.

The US officials say the social media offensive is an attempt to “contest space” on social networks which had previously been dominated by Islamist radicals.

“This is an area, a field, where before we came along the adversaries had this space to themselves,” the official explained.

“You had English language extremists that could say any kind of poison and there will be very low push-back against them,” he added. The ultimate aim is to make youths in the West or Muslim nations think twice before embarking on a journey to Syria or Iraq to join Islamic State fighters.

US officials are also mindful of striking the right tone as they troll Islamists.

“Twitter is unfortunately or fortunately a platform which is suitable for what we call snark, sarcasm, for insulting people,” the official said. “This is something also we are trying to do, we try to attack.

“We are respectful about things, the loss of human life of innocent people, victims of AQ or victims of ISIS, that is not something for sarcasm.

“But when you are mocking them, it is effective to draw the comparison between what they say and what they do. The hypocrisy of this group is a weakness.”

William Braniff, executive director of National Consortium for the Study of Terrorism and Responses to Terrorism (START) at the University of Maryland, said the US online strategy was a step in the right direction but would take a while to yield results.

“For a decade the government has been criticized for not engaging in the world of ideas online,” Braniff said.

“The department of State eventually created this program in part to address that criticism.

“This is just a drop in the bucket; there is so much extremist propaganda online and so many formats for extremists to dialogue that this is really just spitting into the wind.

“We have to give these sort of programs time to build momentum.”


The Bharatiya Janata Party’s (BJP) portal and the personal website of Prime Minister Narendra Modi are among the sites in India most targeted by hackers. “The Prime Minister’s personal site as well as our party’s website are among the most targeted websites in the country,” BJP National IT Cell Head Arvind Gupta said at a hackers’ conference in New Delhi.
Gupta added that the IT wing of the party has sufficient resources at its disposal to check such attacks.
The government’s cyber-security arm, the Computer Emergency Response Team-India (CERT-In), reported 62,189 cyber-security incidents in the first five months of this year. The body also reported that 9,174 Indian websites were hacked by groups spread across the world.
According to government data, during 2011, 2012, 2013 and 2014 (till May), a total of 21,699, 27,605, 28,481 and 9,174 Indian websites, respectively, were hacked by various hacker groups spread across the world.
Besides, during these years, a total of 13,301, 22,060, 71,780 and 62,189 security incidents, respectively, were reported to CERT-In.
In July this year, Communications and IT Minister Ravi Shankar Prasad told the Lok Sabha that there have been attempts from time to time to launch cyber-attacks on Indian cyberspace.
“These attacks have been observed to be originating from the cyberspace of a number of countries including the US, Europe, Brazil, Turkey, China, Pakistan, Bangladesh, Algeria and the UAE,” he had said then.


The Xiaomi Redmi 1S, priced at Rs. 5,999, is all set to go on sale in India starting Monday at 2pm IST exclusively for the first 2,000 Flipkart First subscribers who registered to buy the handset – ahead of the first flash sale for registered users on Tuesday.
The Redmi 1S will be available 1 day prior to its India availability only for select Flipkart First subscribers. However, the handset for general public will go on sale only on September 2 [Tuesday] at 2pm IST. The smartphone will be automatically added to the cart of the first two thousand Flipkart first customers who registered for the handset’s flash sale on Tuesday.

Flipkart, the exclusive online retailer of Xiaomi handsets in India, sent an email titled ‘Early Access to Redmi 1S’ to its Flipkart First subscribers, saying, “The first two thousand Flipkart First subscribers who register to buy, will get the Redmi 1S added to their cart automatically and they can purchase the Redmi 1S on Sep 1 2pm IST, one day prior to its India launch.”

Considering the limited stocks of the Redmi 1S will be available in India, the popular e-commerce giant has also announced that it will limit orders to one phone per registered email id. The email said, “Since stocks would be limited, we recommend you to login & buy immediately 2pm onwards. To ensure that all our customers can get their hands on Redmi 1S, we are limiting orders to one phone per registered email id.”

Flipkart and Xiaomi, continuing the flash sale trend started with the Mi 3, announced last week that 40,000 units of the new budget smartphone would be available on Flipkart for the first flash sale on Tuesday. The company, also referred to as ‘China’s Apple’, had also claimed that over 100,000 people already registered for the Redmi 1S’s first flash sale.

Xiaomi had faced a lot of criticism from Indian consumers due to the limited number of Mi 3 (Review | Pictures) units in each flash sale, and the speed of the stock being sold. It is yet to be seen how both the companies (Flipkart and Xiaomi) handle the sales of Redmi 1S in India.

The Chinese handset maker also addressed reports that it had discontinued the Mi 3 in India: Xiaomi’s India Head, Manu Jain, told NDTV Gadgets that the reports were off the mark.


