Insurgents Hack U.S. Drones

Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations.

Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes’ systems. Shiite fighters in Iraq used software programs such as SkyGrabber — available for as little as $25.95 on the Internet — to regularly capture drone video feeds, according to a person familiar with reports on the matter.

U.S. officials say there is no evidence that militants were able to take control of the drones or otherwise interfere with their flights. Still, the intercepts could give America’s enemies battlefield advantages by removing the element of surprise from certain missions and making it easier for insurgents to determine which roads and buildings are under U.S. surveillance.

The drone intercepts mark the emergence of a shadow cyber war within the U.S.-led conflicts overseas. They also point to a potentially serious vulnerability in Washington’s growing network of unmanned drones, which have become the American weapon of choice in both Afghanistan and Pakistan.

The Obama administration has come to rely heavily on the unmanned drones because they allow the U.S. to safely monitor and stalk insurgent targets in areas where sending American troops would be either politically untenable or too risky.

The stolen video feeds also indicate that U.S. adversaries continue to find simple ways of counteracting sophisticated American military technologies.

U.S. military personnel in Iraq discovered the problem late last year when they apprehended a Shiite militant whose laptop contained files of intercepted drone video feeds. In July, the U.S. military found pirated drone video feeds on other militant laptops, leading some officials to conclude that militant groups trained and funded by Iran were regularly intercepting feeds.

In the summer 2009 incident, the military found “days and days and hours and hours of proof” that the feeds were being intercepted and shared with multiple extremist groups, the person said. “It is part of their kit now.”



Europeans to pick browsers after Microsoft deal

BRUSSELS – More than 100 million Europeans will get to pick a Web browser after Microsoft agreed to offer Internet users a choice to avoid fresh fines — a move that could represent a real thawing of long-standing tensions between the software company and the European Union.

In a deal with regulators Wednesday, Microsoft Corp. will from March provide a pop-up screen to all users of its Windows operating system, asking them to choose one or more of five major browsers — including Microsoft’s Internet Explorer, Google’s Chrome and Apple’s Safari — and seven smaller rivals.

In return, the European Commission will drop charges it filed against Microsoft in January, when it said tying Internet Explorer to Windows — already installed on most computers — gave the browser an unfair advantage. That was the latest in a long list of concerns — in more than a decade of EU antitrust action, Microsoft has been fined €1.7 billion.

Neelie Kroes, the EU’s competition commissioner, said the deal resolves “a serious competition concern” for a key market in the development of the Internet.

“It is as if you went to the supermarket and they only offered you one brand of shampoo on the shelf, and all the other choices are hidden out the back, and not everyone knows about them,” she said. “What we are saying today is that all the brands should be on the shelf.”

Microsoft is not totally out of the woods yet, as it can still be fined up to 10 percent of yearly global turnover without regulators having to prove their case if it doesn’t stick to its commitment for the next five years.

The EU is also still investigating a complaint that Microsoft isn’t sharing enough technical information that would help developers make compatible products; regulators reacted coolly to Microsoft’s offer Wednesday to provide developers more information to make their products compatible, saying they would check to see if it does help rivals.

The U.S. Department of Justice welcomed the deal, which it said could enhance competition. It investigated Microsoft during the 1990s for trying to squeeze browser rival Netscape and settled the case in 2002 in a deal ordering the company to share some data with rivals.

However, U.S. regulators did not follow up more recent complaints, leaving the EU as the most active global antitrust enforcer probing Microsoft’s move into server, media and Web software.

Google said more competition among browsers would boost innovation and promote a shift to “cloud computing” where people use Internet-based applications to perform tasks that they now do offline — often using Microsoft programs for word processing or bookkeeping.

Meanwhile, Mozilla — the maker of Internet Explorer’s nearest challenger, Firefox — said it was happy to see that the EU deal would stop Microsoft repeatedly prompting users to switch from other browsers to Internet Explorer.

Internet Explorer has some 64 percent of the global browser market, followed by Firefox at nearly 25 percent, Apple’s Safari at 4 percent and Google’s Chrome at 3.9 percent, according to figures from Net Applications.

Opera, the Norwegian browser company that made the initial complaint to the EU, said it thought the browser screen would help it attract more users even though it will be competing against major brand names. Opera’s share is just over 2 percent.

Most European users of Windows XP, Vista or 7 will get the new choice screen from Microsoft’s automatic updates if they have Internet Explorer installed as their default browser. Users outside the 30 countries in the European economic area — the 27-nation EU plus Norway, Iceland and Liechtenstein — won’t get the update.

Users will see a box that asks them to find out more about browsers before they click to download one or more of them. They can close the box to keep Internet Explorer if they want.

The EU says some 100 million computers will get the update by mid-March and another 30 million new computers will see it over the next five years. The choice of browsers will be updated every six months based on new market share information.

Microsoft must also report back to regulators in six months’ time to check how the program is working — and could make changes if the EU asks. The EU is also able to review the entire deal at the end of 2011.

Microsoft’s general counsel Brad Smith said he was pleased to resolve long-standing competition law issues.

Microsoft also pledged Wednesday to offer far more technical documentation on its most popular products to makers of rival software — including open source developers — and support some industry standards.

“We believe it represents the most comprehensive commitment to the promotion of interoperability in the history of the software industry,” he said in a statement.

Thomas Vinje, a lawyer for the group of companies that complained about Microsoft’s interoperability, said it was “not yet clear” if Microsoft’s offer would tackle competitive problems in the industry.

EU resolves Microsoft IE antitrust case

Microsoft and the European Commission have settled their differences over the choice of Web browsers in Windows.

European Commissioner for Competition Policy Neelie Kroes on Wednesday formally announced a resolution to the Internet Explorer antitrust case against Microsoft. As part of the settlement, Windows PCs sold in the European Economic Area will now present users with a Choice Screen, allowing them to install alternative browsers beyond Internet Explorer.

The Choice Screen will offer users the ability to install up to 12 of the most widely used Web browsers that run under Windows, including Firefox, Safari, Google Chrome, and Opera. Users can download as many of the browsers as they wish or stick with Internet Explorer. Additionally, computer makers and users in Europe will be able to turn off IE totally and set up other browsers as the default. As part of the settlement, Microsoft is also prohibited from preventing the choice of different browsers through any contractual or technical means.

Microsoft initially proposed stripping a browser out of Windows 7 entirely, a move first reported by CNET. Both competitors and the EU balked at that idea though, instead favoring some sort of ballot screen. Microsoft eventually relented, though the company and its rivals have gone back and forth for a while over the details.

Based on feedback it received, Microsoft modified and improved its design, according to the EC. The screen now appears in a neutral window, rather than an Internet Explorer window, and displays the browsers in a random order. The screen itself looks cleaner and less cluttered to the EC, which it believes will help users better focus on making their browser choice.

Microsoft has promised to make the screen available for five years in the European Economic Area and to offer it for Windows XP, Vista, and Windows 7, according to Europe’s antitrust regulators.

“Millions of European consumers will benefit from this decision by having a free choice about which web browser they use,” said Kroes. “Such choice will not only serve to improve people’s experience of the internet now but also act as an incentive for web browser companies to innovate and offer people better browsers in the future.”

Starting six months from now, Microsoft must report regularly to the Commission on its progress in implementing the new commitments, and the Commission can review the commitments two years from now.

After the EU announced the news, Microsoft issued its own statement on the resolution of the long-running, and expensive, antitrust case.

“We are embarking on a path that will require significant change within Microsoft. Nevertheless, we believe that these are important steps that resolve these competition law concerns,” Microsoft general counsel Brad Smith said in the statement. “This is an important day and a major step forward, and we look forward to building a new foundation for the future in Europe.”

The U.S. Justice Department, which waged its own years-long antitrust battle with Microsoft, applauded the outcome of the EU’s case.

“As we understand it, the settlement is based on measures to enhance competition and is designed to preserve industry participants’ incentives and ability to compete going forward. A settlement that helps to clarify obligations under European law allows the industry to move forward,” Christine Varney, assistant attorney general in the Justice Department’s antitrust division, said in a statement.


New cloud hacking service steals Wi-Fi passwords

For US$34 (£20), a new cloud-based hacking service can crack a WPA (Wi-Fi Protected Access) network password in just 20 minutes, its creator says.

The WPA Cracker service bills itself as a useful tool for security auditors and penetration testers who want to know if they could break into certain types of WPA networks. It works because of a known vulnerability in Pre-shared Key (PSK) networks, usually used by home and small-business users.

To use the service, the tester submits a small “handshake” file that contains an initial back-and-forth communication between the WPA router and a PC. Based on that information, WPA Cracker can then tell whether the network seems vulnerable to this type of attack or not.

The service was launched by a well-known security researcher who goes by the name of Moxie Marlinspike. In an interview, he said that he got the idea for WPA Cracker after talking to other security experts about how to speed up WPA network auditing. “It’s kind of a drag if it takes five days or two weeks to get your results,” he said.

Hackers have known for some time that these WPA-PSK networks are vulnerable to what’s called a dictionary attack, where the hacker guesses the password by trying out thousands of commonly used passwords until one finally works. But because of the way WPA is designed, it takes a particularly long time to pull off a dictionary attack against a WPA network.

Because each WPA password must be hashed thousands of times, a typical computer can guess perhaps just 300 passwords per second, while other password crackers can process hundreds of thousands of words per second.

That means that the 20-minute WPA Cracker job, which runs 135 million possible options, would take about five days on a dual-core PC, Marlinspike said. “That has really stymied efforts of WPA cracking,” he said.

WPA Cracker customers get access to a 400-node computing cluster that employs a custom dictionary, designed specifically for guessing WPA passwords. If they find the $34 price tag too steep, they can use half the cluster and pay $17, for what could be a 40-minute job. Marlinspike declined to say who operates his compute cluster.

The attack will work if the network’s password is in Marlinspike’s 135 million-phrase dictionary, but if it’s a strong, randomly generated password it probably won’t be crackable.

The service could save security auditors a lot of time, but it will probably make it easier for senior management to understand the risks they’re facing, said Robert Graham, CEO of penetration testing company Errata Security. “When I show this to management and say it would cost $34 to crack your WPA password, it’s something they can understand,” he said. “That helps me a lot.”
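The arithmetic behind the figures above, as an added example that is not part of the original article. The key derivation (PBKDF2 with HMAC-SHA1, 4096 iterations, the network name as salt) comes from IEEE 802.11i rather than from the article, and the 12-character alphanumeric passphrase is a constructed sample used to show why a random passphrase falls outside any dictionary job.

```python
import hashlib
import math

# IEEE 802.11i (not stated in the article): the pairwise master key is
# PBKDF2(HMAC-SHA1, passphrase, SSID, 4096 iterations, 32 bytes).
WPA_ITERATIONS = 4096
PMK_LEN = 32

# Figures quoted in the article.
DICTIONARY_SIZE = 135_000_000     # phrases in the WPA Cracker dictionary
DUAL_CORE_RATE = 300              # guesses per second on a typical computer
CLUSTER_JOB_SECONDS = 20 * 60     # the 20-minute job
CLUSTER_NODES = 400

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA-PSK master key; this is the cost paid for every guess."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrases use printable ASCII only")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, WPA_ITERATIONS, PMK_LEN
    )


def seconds_to_exhaust(candidates: int, guesses_per_second: float) -> float:
    """Time to try every candidate once at a fixed guess rate."""
    return candidates / guesses_per_second


def cluster_rate() -> float:
    """Guess rate implied by running the whole dictionary in 20 minutes."""
    return DICTIONARY_SIZE / CLUSTER_JOB_SECONDS


def random_passphrase_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a passphrase drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def years_to_exhaust_random(length: int, alphabet_size: int, rate: float) -> float:
    """Years to enumerate every random passphrase of this shape at `rate`."""
    return seconds_to_exhaust(alphabet_size ** length, rate) / SECONDS_PER_YEAR


if __name__ == "__main__":
    # The SSID is the salt, so work done for one network name does not
    # carry over to a network with a different name.
    print("PMK for 'password' on SSID 'IEEE':", derive_pmk("password", "IEEE").hex())

    days = seconds_to_exhaust(DICTIONARY_SIZE, DUAL_CORE_RATE) / SECONDS_PER_DAY
    print(f"Dictionary on one PC at 300/s: {days:.1f} days")

    rate = cluster_rate()
    print(f"Cluster rate: {rate:,.0f}/s ({rate / CLUSTER_NODES:.2f}/s per node)")

    # Constructed sample: 12 characters drawn from a-z, A-Z, 0-9.
    bits = random_passphrase_bits(12, 62)
    years = years_to_exhaust_random(12, 62, rate)
    print(f"Random 12-char alphanumeric: {bits:.1f} bits, {years:.2e} years")
```

The per-node rate that falls out of the article's numbers is close to the 300 guesses per second it quotes for a single PC, so the speed-up comes from node count, not from a faster hash.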


Should You Outsource or Keep IT In-House?

It’s nice to have an IT staffer in house who has intimate knowledge of your business, your network and your needs. However, few individuals are experts in all areas, and those who have the requisite skills don’t come cheap. No individual can be available 24/7 either. For many small and medium-sized businesses, outsourcing may be a better solution.

Maintaining the network. Ensuring remote users have access to resources. Updating virus definitions. Troubleshooting email problems. Any number of IT issues can arise on a daily basis.

So does it make sense for small businesses to hire a full-time IT staffer or outsource their IT needs? That depends. Weighing the pros and cons in both scenarios can help determine which option is likely to best serve small businesses.

In-House IT Support: Pros

Easy access: A tech support person on staff can address issues immediately. Other clients won’t be competing for your IT staffer’s time, though there may be other departments doing so.

Cost control: As a full-time employee, your IT support staffer’s salary remains the same, regardless of the tasks undertaken — for example, troubleshooting a printer problem, setting up a new server, or staying late on a Thursday night to complete an operating system upgrade. This means that your costs remain steady even as your technology needs change. This can be a double-edged sword, however.

In-House IT Support: Cons

Upfront and hidden costs: Hiring a full-time IT professional is an expensive endeavor. Providing that pro with a computer, desk, telephone extension, payroll account and benefits drives the cost up even higher. For many small businesses, having a full-time IT specialist with a full-time salary working on staff is too cost-prohibitive to even be considered a viable option. Not to mention the costs associated with ongoing training for IT personnel.

Limited technological expertise: Your IT specialist may be good with Excel and handy when it comes to figuring out why the printer isn’t working, but may not be as savvy when it comes to diagnosing network security issues or upgrading the Exchange server. It’s unlikely that one IT professional will be able to provide expertise for all of your technological needs. If having one full-time person is costly, you might not want to calculate the cost for a small team of specialists!

Outsourcing IT Support: Pros

Less expensive: All things considered, outsourcing tends to be less expensive than hiring a full-time IT employee in-house. Many costs — such as overhead — are spread over several clients via the agency model. Additionally, your small business doesn’t have to worry about costs associated with training or certifying IT staff.

Round-the-clock service: Most professional IT help desk or tech support firms offer their customers 24/7 access to tech support specialists, either by phone or through remote computer access. This means that you’ll have someone to walk you through resetting your email password — even at 2 a.m. What’s more, if your main contact is sick, there will be a substitute that you can count on.

Outsourcing IT Support: Cons

Language or cultural differences: Struggling to understand your tech support specialist can make a frustrating situation even worse. Unfortunately, many small businesses choose offshore outsourcing as their least-expensive option, while not considering the time and aggravation spent on communication issues. This can be mitigated either by carefully interviewing various offshore firms and giving them a “test drive,” or by hiring a local firm. The latter may also allow you to have the specialist on-site, which is highly recommended for handling most IT support needs.

Not part of the team: Because outsourced IT specialists are there only when scheduled or when you need them to fix a problem, you’ll spend time bringing them up to speed when issues do arise or when you want them to provide advice on future technology initiatives. Again, there is a solution: Get an outsourced firm involved in your IT needs on an ongoing basis via “managed services.” This way, the firm can help with routine help desk and tech support issues, and will be more fully plugged in to your needs and requirements when it comes time to upgrade the network.

And the Winner Is: Outsource Locally

Certainly, small businesses have a variety of options for solving their tech support issues. For most small businesses, however, outsourcing is the best option. Outsourcing tech support needs allows businesses to stay focused on their own core offerings without getting sidetracked on IT projects. It also allows businesses access to cutting-edge resources and expertise, without the costs typically associated with staying ahead of the technology curve.

For many small businesses, outsourcing to a local firm provides the right combination of cost savings, flexibility and round-the-clock support without the language or cultural issues that sometimes arise with offshore firms. Outsourcing locally also provides small business owners peace of mind that when they need on-site tech support, they can get it, thus allowing them to manage their business, not their network.


Android ‘below expectations’ in Europe

Google’s Android mobile OS is showing slow growth in Western Europe since its launch, according to analysts.

Noted analyst firm IDC has stated that while Android’s market share has grown in this region, from 4.2 per cent to 5.4 per cent in the July-September period, consumers are still shying away.

“Consumers steer clear of Google’s OS and sell-out is below everyone’s expectations. Consumers recognize the Google brand, but still do not understand what Android is,” said IDC analyst Francisco Jeronimo.

Lack of awareness

“The lack of devices available didn’t help to raise awareness, though this is expected to change, with more handsets from LG, Samsung, Sony Ericsson, Motorola, and other vendors hitting the market soon.”

It’s worth noting that Android is still pretty nascent compared to other operating systems – it’s barely a year from release, and in relative terms, a 1.2 per cent increase in three months can be interpreted in a number of ways.

However, the number of ‘headline’ handsets has been minimal, with the Hero the main phone consumers will be familiar with. Android is still also early in the development stage, meaning elements consumers take for granted in other phones, such as full Bluetooth support, aren’t added until later in the development cycle.

Symbian – the operating system used for years by Nokia in its smartphones and more recently in Samsung and Sony Ericsson models – has 48 per cent of the market in Western Europe, but many predict this to decline as other competitors raise their game.

Windows Mobile is still the mainstay of the business market too, and although the iPhone and Android handsets are growing, it will take a larger range of more compelling devices to properly take on the established players and move Android from ‘Geek Chic’ to a genuine contender.


Yahoo, Microsoft finalize search deal

Yahoo and Microsoft have finalized their agreement to install Microsoft as the exclusive search provider for Yahoo’s network of sites, the companies announced Friday.

The deal, first reached in July, still needs to be approved by the U.S. government before it becomes final. But the companies said in October that they needed more time to complete the deal due to the “complex nature of this transaction,” and Friday’s announcement is likely the result of hundreds of hours of painstaking review from expensive lawyers.

At least company executives didn’t have to rack up the frequent-flier miles to finalize this year; they signed it virtually, with Microsoft’s Qi Lu and Yahoo CEO Carol Bartz representing their respective companies on the licensing agreement and Ballmer and Bartz inking the definitive agreement, according to sources familiar with the deal.

Under the terms of the deal, Microsoft will provide search technology to Yahoo for up to 10 years, also gaining access to Yahoo’s search technology assets and several hundred employees. It will then pay Yahoo a significant portion of the ad revenue generated alongside those searches.

A Yahoo representative declined to comment on the specifics of what held up the final approval of the deal. Both parties said they still expect the deal to become final in early 2010, although the government is sure to take a long hard look.


McAfee warns about ’12 Scams of Christmas’

Retailers aren’t the only ones gearing up for the holiday season. Criminals are also out in force.

To highlight the increased crime during the holidays, security company McAfee has come up with the “12 Scams of Christmas” ranging from bogus electronic greeting cards that deliver malware instead of cheer to fake charities that steal your money and your identity. It’s especially important to be extra careful this time of year, says McAfee’s David Marcus. “The bad guys know people are spending more time online, they’re paying more bills online so [the criminals] stand a chance of being a bit more successful this time of year.”

In a podcast interview, Marcus counted down the 12 scams of Christmas starting with:

1. Charitable phishing scams: Marcus warns consumers to be wary of e-mails that appear to be from legitimate charities. Not only will they take your money and deprive charities of needed funds, but they will also steal your credit card information and identity.

2. Fake invoices from delivery services: During this period, scammers will send out fake invoices and delivery notifications appearing to come from Federal Express, UPS, the U.S. Postal Service or even the U.S. Customs Service saying that they were unable to deliver a package to your address. They ask you to confirm your address and give them credit card information to pay for delivery.

3. Social networking friend requests: Bad guys take advantage of this social time of year by sending out authentic looking friend requests via e-mail. Marcus recommends that you not click on those links but sign into Facebook and other services and look for friend requests from the site itself. Clicking on a link could install malware on your computer or trick you into revealing your password.

4. Holiday e-cards: Be careful before clicking on a holiday e-card, especially if it’s from a site you haven’t heard of. This is a way to deliver malware, pop-ups, and other forms of unwanted advertising. Some fake e-cards will look like they come from Hallmark or other legitimate companies, so pay close attention and make sure it’s from someone you know. If you’re going to send an e-card, be sure you’re dealing with a reputable service lest you risk infecting yourself and your friends.

5. Fake “luxury” jewelry: If you see an offer for luxury gifts from companies like Cartier, Gucci, and Tag Heuer at a price that’s too good to be true, it probably isn’t true. These links could lead you to malware and take your money for merchandise that will probably never arrive (or be fake if it does). Some of these sites, according to McAfee, even display the logos of the Better Business Bureau.

6. Practice safe holiday shopping. Make sure your wireless network is secure and be sure you’re shopping on sites that are secure. Though it isn’t an iron clad guarantee, you should look for the lock icon in the lower right corner of your browser and make sure the Web page starts with https. The “s” stands for “secure.”

7. Christmas carol lyrics can be dangerous: Bad guys know that people are searching for holiday related sites for music, holiday graphics, and other festive media. During this time, they create fraudulent holiday related sites.

8. Job search related scams: With the unemployment rate at 10.2 percent, there are plenty of job seekers looking for work. Beware of online offers for high paying jobs or at-home money making schemes. Some of these sites ask for money up front, which is a good way for criminals not only to steal your “set up fee” but misuse your credit card too. Marcus said that some “get rich quick” sites are all about money laundering, asking you to accept an inbound financial transfer and pay them.

9. Auction site fraud: McAfee has observed a rise in fake auction sites during the holidays. Make sure you’re actually going to eBay or whatever site you plan to deal with.

10. Password stealing scams: Criminals use low-cost tools to uncover passwords, in some cases planting key logger software to record keystrokes. Once they get your passwords, they gain access to bank accounts and credit card accounts and send spam from your e-mail accounts.

11. E-mail banking scams: A common type of phishing scam is sending out official looking e-mails that appear to come from your bank. Don’t click on any links but type in your bank’s Web address manually if you need to access your account.

12. Files for ransom: Hackers use malware to gain control of your computer and lock your data files. To access your own data you have to pay them ransom.

Bottom line–Don’t let the eggnog and holiday cheer keep you from using your critical thinking skills when you go online during the holiday season. And, of course, make sure your operating system is updated and that you’re using up-to-date security software.


Hands on: Office 2010 review

Office 2010 is due in a few months, but the beta release is available now. It has interface changes, bug fixes, one secret new feature – and although it’s still a long way from being finished, it shows much more clearly than the technical preview what you’ll be waiting for.

Like Windows 7, the Office line-up has gone on a diet; instead of six different versions, there are just three (for home users).

Office Home and Student 2007 sold a copy on Amazon every 90 seconds at its peak last year; the 2010 version has the same apps (Word, Excel, PowerPoint and the under-rated OneNote) and the new Home and Business version has those apps, plus Outlook.

Office Professional 2010 includes Word, Excel, PowerPoint, OneNote, Outlook, Access and Publisher. There’s a free version of Office that you’ll only get on new PCs called Office Starter. This replaces the ageing Microsoft Works and gives you versions of Excel and Word without all the business features, plus a small ad for Office on the task pane (that doesn’t go away).

There are also new ways of buying Office; you can buy a “product card” with a licence key to unlock a trial copy of Office on a new PC (particularly useful for PCs with no optical drive) or you can install a streamed version called Click-to-Run.

We tested the business version, Office Professional Plus 2010 which has Access, Excel, SharePoint Workspace (the Groove replacement with added SharePoint features), OneNote, Outlook, PowerPoint, Publisher, Word and InfoPath (Visio and Project are still separate apps).

Some of the changes from the technical preview are small; others are more significant.

CNET Review


IBM: Computing rivaling human brain may be ready by 2019

According to IBM, ‘BlueMatter, a new algorithm created by IBM researchers in collaboration with Stanford University, exploits the Blue Gene supercomputing architecture in order to noninvasively measure and map the connections between all cortical and sub-cortical locations within the human brain using magnetic resonance diffusion weighted imaging. Mapping the wiring diagram of the brain is crucial to untangling its vast communication network and understanding how it represents and processes information.’

Computers capable of mimicking the human brain’s power and efficiency could be just 10 years off, according to a leading researcher at IBM.

According to the researcher, Dharmendra Modha, the manager of IBM’s cognitive computing initiative, scientists from his company and some of the world’s most prestigious universities have already managed to simulate the computing complexity of the feline cortex, a feat that could augur a day not too far off when it will be possible to ramp up to what the human brain can accomplish.

Last year, IBM and five universities were awarded a DARPA contract to work on a cognitive computing project aimed at eventually achieving that goal. Just a year later, Modha said, his team, working in conjunction with the universities’ scientists, have achieved two major milestones.

The first was a real-time cortical simulation that achieved more than 1 billion spiking neurons, as well as 10 trillion individual learning synapses. According to Modha, that exceeds what a cat’s cortex is capable of.

Second, the scientists created a fresh algorithm they’re calling BlueMatter that is aimed at spelling out the connections between all the human brain’s cortical and sub-cortical locations. That mapping is a critical step, Modha suggested, for a true understanding of how the brain communicates and processes information.

The human brain, Modha said, is fundamentally different from today’s computers in power and size, and he and the many scientists he is working with are eager to learn from the brain how to build new kinds of computing architectures. Part of the reason, he added, is that as our world gets more and more complex, a “tsunami” of data is being produced and analyzing those data demands “a new kind of cognitive system, a brain-like system, to make sense of it.”

To achieve the goal, Modha and his fellow scientists are combining supercomputing, neuroscience, and nanotechnology research to demonstrate what’s possible. The work they’ve done has progressed in just a year from the granting of the DARPA contract to today’s achievements.

Modha said that examples of what could be done with computers working at this scale are realistic analysis of the world’s water supply systems, or financial systems. The idea is to detect causality behind phenomena, and to make those connections quickly and effortlessly, the way the human brain works. Writing such a program using today’s computers would be impossible, he said, but these future computers would be able to quickly distill answers to these kinds of enormous problems.

There’s no promise, of course, that Modha and his colleagues will be able to advance the difference between the power of the cat and human cortexes in the next decade. After all, there’s a difference of a factor of 20 between the two. But he sounded optimistic that a decade is a realistic goal.

But regardless of the timing, the aim is clear: reverse-engineer the human brain and learn its computational algorithms. And then deploy them in a bid to solve some of the world’s most complicated computing problems.