Apr 30, 2011

Real Time Mobile GPS Tracker with Google Maps

This project describes how you can build a mobile real time GPS tracker with integrated Google Maps. I began this project mainly to see if I can integrate all the different pieces of hardware and software to make a workable solution, and it took some time, but finally when everything was said and done, it looked pretty cool. I tore down everything and rebuilt it from scratch, making detailed notes and documenting the process.
When I started building this, I didn’t have any particular application in mind, but now that I have built it, I can see myself using it in different applications, particularly if I can lower the cost. Even if you don’t have any application in mind, it would be a fun weekend project. You never know, you might find the knowledge gathered during the process useful one day in some form or other.
How it works?

Make your own motion sensor alarm with SMS feature

mikroElektronika demonstrates how to build a simple home alarm system that can send an SMS to a predefined cell phone number when an intrusion is detected. This project is based on the StartUSB for PIC board, a small development board for the PIC18F2550, which is preprogrammed with a USB bootloader so that no additional programmer is required to load the firmware. The SMS portion uses a SmartGM862 Board, which is a full-featured development tool for Telit’s GM862 GSM/GPRS module. All the boards required for this project can be purchased as the SMS Home Alarm Kit from mikroElektronika. Demonstration software for the PIC is also available for free. They are offering free shipping now.

DIY home alarm kit

Asynchronous serial communication

The PIC16F628A microcontroller has built-in Universal Synchronous Asynchronous Receiver Transmitter (USART) hardware that allows it to communicate with a wide range of serial devices such as memory chips, LCDs, personal computers, etc. The USART module has two modes of operation: synchronous (requires a synchronized clock between the transmitter and receiver) and asynchronous (no synchronization clock required). As the asynchronous mode is more popular, we will focus today’s lab session on this and will establish a two-way serial data link between the PIC microcontroller and a PC.
Required Theory

Lab 12: Basics of LED dot matrix display

We covered how to interface seven segment LED displays to a PIC microcontroller in two sections: Lab 6 and Lab 11. Today, we will move on to interfacing an LED dot matrix display. LED dot matrices are a very popular means of displaying information, as they allow both static and animated text and images. Perhaps you have encountered them at gas stations displaying the gas prices, or in public places and alongside highways, displaying advertisements on large dot matrix panels. In this experiment, we will discuss the basic structure of a monochrome (single color) LED dot matrix and its interface with a microcontroller to display static characters and symbols. We will cover animation in the next tutorial. I am using the PIC18F2550 microcontroller on the StartUSB for PIC board for demonstration, but this technique is applicable to any other microcontroller that has sufficient I/O pins to drive the LED matrix.


Apr 29, 2011

PSN hackers claim to have 2+ million credit card numbers

The PlayStation Network hack is now considered to be one among the biggest data thefts of all time, and according to the claims made by the alleged hackers on underground Internet forums, it seems that some 2.2 million credit card numbers were, indeed, stolen.


Security researchers have been sifting through the hacker forums and say that there has been talk of the hackers contacting Sony in order to sell back the credit card list to the company for $100,000, but that Sony didn't respond to the offer.

Whether the claims are true or not is impossible to tell. "The entire credit card table was encrypted and we have no evidence that credit card data was taken," said Sony. "The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."

“Sony is saying the credit cards were encrypted, but we are hearing that the hackers made it into the main database, which would have given them access to everything, including credit card numbers,” said security consultant Mathew Solnik for The New York Times.

Also, even if the data is encrypted, it doesn't mean that it can't be decrypted by the attackers, and Sony didn't offer any details about the encryption method used. Although, if the hackers managed to break it, I doubt they would be trying to sell the list back to Sony. On the other hand, they could always sell it to other criminals who know how to do it.

Sony has advised PS users to keep a close eye on their financial statements in order to spot a fraudulent transaction as soon as it happens.

DSL Reports intrusion compromises over 9000 accounts

DSL Reports - the information and review site on high speed Internet services which operates over 200 forums - has been hit with a blind SQL injection attack, which resulted in the compromise of at least 9000 accounts.

Founder Justin Beech posted a notification about the intrusion on the forum dedicated to the site, in which he specified that no login names, zip codes and private posts were compromised.

The attack went on for four hours on Wednesday and it was blocked before it had completed more than 8% of its work. All the same, the attackers managed to obtain a large number of email/password pairs.

"The ones they obtained were basically random. So they cover the entire 10 year history of the membership but sprinkled randomly. Some are very old accounts, some are new accounts, some inactive or deleted," says Beech.

"I identified the newest accounts, those that were obtained and have logged in over the last 12 months, and have alerted those by email. Older inactive accounts involved are also being notified by email now, although the older the account, the less likely the email is still current, or the password they used is still useful."

Once the intrusion had been detected and stopped and the extent of the compromise established, passwords for the affected accounts were reset. Beech urges the users who received the notification to change their password and to do the same on accounts for other sites (Gmail, PayPal, Facebook, etc.) on which they used the same email/password combination.

"Obviously having both an sql injection attack hole (now closed) and plain text passwords is a big black eye, and I'll be addressing these problems as fast, but as carefully, as I can," promises Beech. 
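The two problems Beech names, shown in miniature as an added example (not DSL Reports code; the schema, function names and sample member are constructed, and PBKDF2 with the work factor below is an assumed choice): a lookup built by string concatenation answers "true" for crafted input, which is the yes/no signal a blind SQL injection depends on, while the parameterized form does not, and salted password hashes leave nothing directly reusable in a dumped table.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 600_000  # assumed work factor for this sketch


def hash_password(password, salt):
    """Derive a salted, slow hash; the plaintext is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def register(db, email, password):
    salt = os.urandom(16)  # unique per account, so equal passwords hash differently
    db.execute("INSERT INTO members VALUES (?, ?, ?)",
               (email, salt, hash_password(password, salt)))


def make_db():
    """In-memory database with one constructed member (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    register(db, "alice@example.test", "correct horse battery staple")
    return db


def check_login(db, email, password):
    row = db.execute("SELECT salt, pw_hash FROM members WHERE email = ?",
                     (email,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Constant-time comparison of the stored and recomputed hashes.
    return hmac.compare_digest(stored, hash_password(password, salt))


def member_exists_concatenated(db, email):
    """'Before' form: user input becomes part of the SQL text."""
    sql = "SELECT 1 FROM members WHERE email = '" + email + "'"
    return db.execute(sql).fetchone() is not None


def member_exists_parameterized(db, email):
    """'After' form: input is bound as data and cannot change the query."""
    return db.execute("SELECT 1 FROM members WHERE email = ?",
                      (email,)).fetchone() is not None


def leaked_rows(db):
    """What a full dump of the table would contain."""
    return db.execute("SELECT email, salt, pw_hash FROM members").fetchall()


if __name__ == "__main__":
    db = make_db()
    probe = "nobody@example.test' OR '1'='1"  # constructed input with a quote in it
    print("concatenated  :", member_exists_concatenated(db, probe))
    print("parameterized :", member_exists_parameterized(db, probe))
    print("login ok      :", check_login(db, "alice@example.test",
                                         "correct horse battery staple"))
    for email, salt, pw_hash in leaked_rows(db):
        print("dumped row    :", email, salt.hex(), pw_hash.hex())
```

Hashing does not make a dumped table harmless, since weak passwords can still be guessed offline, which is why resetting the affected accounts remains the right response.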

Firefox 4.0.1 fixes several security issues

Mozilla released Firefox 4.0.1 that fixes several security issues as well as stability issues.


Miscellaneous memory safety hazards
Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

WebGLES vulnerabilities
Two crashes that could potentially be exploited to run malicious code were found in the WebGL feature and fixed in Firefox 4.0.1. In addition the WebGLES libraries could potentially be used to bypass a security feature of recent Windows versions. The WebGL feature was introduced in Firefox 4; older versions are not affected by these issues.

XSLT generate-id() function heap address leak
The XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption bug, in order to make an exploit more reliable or work around mitigation features in the browser or operating system.

Rapid adoption of hosted email compliance

Financial institutions are rapidly moving to hosted email compliance and storage services to deal with increasing costs, risks and regulations, according to a study conducted by Forrester Consulting.


The poll of 187 executives with responsibility for compliance, messaging and legal risk mitigation indicates that financial services firms that once relied on in-house software are now moving to hosted solutions.

The cost of meeting new regulatory mandates is a major issue, the study says. More than 60 percent of the respondents polled say that their shift to cloud-based solutions is driven by the promise of lower total cost of ownership (TCO), faster deployments and easier management than on-site deployments. Half of the financial services firms polled say they plan to use hosted compliance solutions by 2012.

Key findings of the survey include:

Financial services firms struggle with eDiscovery and data privacy - 55 percent of respondents describe complying with data privacy laws as challenging. Also, decision-makers report significant difficulties in meeting litigation requirements, recording and archiving obligations, employee communications monitoring needs and other regulatory requirements.

Compliance challenges are multi-faceted - Edging out concerns about cost, 75 percent of the financial services decision‐makers surveyed highlight concerns about reputational damage in conjunction with regulatory oversight and investigations. Respondents also cite major concerns with compliance-related application integration and lengthy response times.

Financial services firms focus on a broad set of content for compliance - In addition to email, organizations perceive file shares, physical records, line-of-business applications, mobile messaging and a wide range of other content types and applications to be critical for regulatory purposes.

Researchers crack Nikon image authentication system

Credibility of photographic evidence may be extremely important in a variety of situations. Courts, news agencies and insurance companies may accept digitally signed photographs as valid evidence. If such evidence is forged, consequences can be severe. The most famous fakes include cases of fraud committed by enthusiast photographers, photo journalists, editors, political parties, and even the US Army.

ElcomSoft researched Nikon’s Image Authentication System, a secure suite validating if an image has been altered since capture, and discovered a major vulnerability in the manner the secure image signing key is being handled. In turn, this allowed the company to extract the original signing key from a Nikon camera.


The vulnerability, when exploited, makes it possible to produce manipulated images with a fully valid authentication signature. ElcomSoft was able to successfully extract the original image signing key and produce a set of forged images that successfully pass validation with Nikon Image Authentication Software.

When designing a digital security system, it is essential to equally and properly implement all parts of the system. The entire system is only as secure as its weakest link. In the case of Nikon’s Image Authentication System, the company has not done at least one thing right.

The ultimate vulnerability lies in the way the image signing key is being handled. As the signing cryptographic key is handled inappropriately, it can be extracted from the camera. After obtaining the signing key, one can use it to sign any picture, whether or not it’s been altered, edited, or even computer-generated. The signed image will then successfully pass as a valid, genuine piece when verified by Nikon Image Authentication Software.

The vulnerability exists in all current Nikon cameras supporting Nikon Image Authentication, including Nikon D3X, D3, D700, D300S, D300, D2Xs, D2X, D2Hs, and D200 digital SLRs.

ElcomSoft has notified CERT and Nikon about the issue, and prepared a set of digitally manipulated images passing as originals when verified with Nikon’s secure authentication software. Nikon has provided no response nor expressed any interest in the existence of the issue.

Page-integrated encryption for protecting credit cards on the web

Voltage Security announced Page-Integrated Encryption (PIE), a new encryption breakthrough for protecting personal data entered by consumers on web pages.


The company also announced Voltage SecureData Web, a new data protection solution that uses the PIE encryption protocol, designed for e-commerce merchants struggling with protecting PAN (primary account number) data exchanged in web-based transactions and reducing PCI DSS audit scope in web applications and infrastructure.

PIE is particularly useful for e-commerce and other cloud-based applications that use confidential personal information such as credit card numbers, social security numbers and the like.

It leverages the patented Voltage Format-Preserving Encryption, which ensures that data retains its format and semantics upon encryption. This means minimal changes to existing systems, resulting in lower overall costs for protecting data end-to-end.

“Voltage is giving e-commerce merchants a better perimeter than they’ve had before,” commented George Peabody, director, Emerging Technology Advisory Services, Mercator Advisory Group. “There are no silver bullets in payments security, but this is a much-needed step forward for the industry.”

“The rapid adoption of cloud computing and mobile applications is compounding data protection problems,” said Judith Hurwitz, president and CEO of Hurwitz & Associates. “Business boundaries no longer exist and a lack of transparency compounds security risks for companies.”

Apr 27, 2011

Millions stolen from U.S. businesses wired to Chinese companies

Small-to-medium sized businesses and public institutions are being targeted by fraudsters that compromise corporate banking credentials and transfer corporate funds to Chinese economic and trade companies located near the Russian border, warns the FBI.


In a fraud alert issued by the Bureau and compiled with the help of FS-ISAC and IC3, the feds explain that twenty such incidents have been identified since March 2010, and that the total attempted fraud amounts to approximately $20 million, but that the actual victim losses are $11 million.

The attackers typically acquire corporate banking credentials via phishing or by tricking an employee into installing information-stealing malware such as the ZeuS and Spybot Trojans or a backdoor that allows them to access the computer remotely.

"When the authorized user attempts to log in to the user’s bank Web site, the user is typically redirected to another Web page stating the bank Web site is under maintenance or is unable to access the accounts," the fraud alert says. "While the user is experiencing logon issues, malicious actors initiate the unauthorized transfers to commercial accounts held at intermediary banks typically located in New York. Account funds are then transferred to the Chinese economic and trade company bank account."

These Chinese companies are all located in the Heilongjiang province in the People’s Republic of China - near the Republic's border with Russia - in port cities such as Raohe, Fuyuan, Jixi City, Xunke, Tongjiang, and Dongning.

The names of these companies usually include the name of the port city in which they are registered, and often also use words such as “economic and trade,” “trade,” and “LTD.” They appear to be legitimate businesses, and have bank accounts with the Agricultural Bank of China, the Industrial and Commercial Bank of China, and the Bank of China.

"The unauthorized wire transfers range from $50,000 to $985,000. In most cases, they tend to be above $900,000, but the malicious actors have been more successful in receiving the funds when the unauthorized wire transfers were under $500,000," explains the FBI. "In addition to the large wire transfers, the malicious actors also sent domestic ACH and wire transfers to money mules in the United States within minutes of conducting the overseas transfers. The domestic wire transfers range from $200 to $200,000."

Whether these bank accounts are the final destination of the wired money is unknown. The FBI urges financial institutions to keep a close eye on money transfers to companies located in those Chinese cities - especially when their clients have had no prior transaction history with these companies.
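A sketch of how a bank's monitoring team could turn the alert's indicators into a review rule, as an added example that is not part of the FBI alert: the record layout, account names, beneficiary names and the 30-minute follow-up window are constructed assumptions, while the city list and name terms are the ones quoted above.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Port cities and name terms as listed in the alert quoted above.
PORT_CITIES = ("raohe", "fuyuan", "jixi", "xunke", "tongjiang", "dongning")
NAME_TERMS = ("economic and trade", "trade", "ltd")
# Assumption: the alert says "within minutes"; 30 minutes is an arbitrary window.
FOLLOW_UP_WINDOW = timedelta(minutes=30)


@dataclass(frozen=True)
class Transfer:
    when: datetime
    account: str      # originating customer account
    beneficiary: str  # beneficiary name as written on the payment order
    kind: str         # "intl_wire", "domestic_wire" or "ach"
    amount: int       # US dollars


def matches_alert_pattern(name):
    """True when a beneficiary name carries a listed port city and a listed term."""
    lowered = name.lower()
    return (any(city in lowered for city in PORT_CITIES)
            and any(term in lowered for term in NAME_TERMS))


def review_queue(transfers, known_payees):
    """Return (transfer, reason) pairs that an analyst should look at.

    known_payees is a set of (account, beneficiary) pairs with prior history.
    """
    seen = set(known_payees)
    last_hit = {}  # account -> time of its most recent flagged overseas wire
    flagged = []
    for t in sorted(transfers, key=lambda x: x.when):
        first_time = (t.account, t.beneficiary) not in seen
        if t.kind == "intl_wire" and first_time and matches_alert_pattern(t.beneficiary):
            flagged.append((t, "first-time overseas payee matching the alert pattern"))
            last_hit[t.account] = t.when
        elif (t.kind in ("domestic_wire", "ach") and first_time
              and t.account in last_hit
              and t.when - last_hit[t.account] <= FOLLOW_UP_WINDOW):
            flagged.append((t, "new domestic payee right after a flagged overseas wire"))
        seen.add((t.account, t.beneficiary))
    return flagged


def _t(hhmm, account, beneficiary, kind, amount):
    hour, minute = map(int, hhmm.split(":"))
    return Transfer(datetime(2011, 4, 27, hour, minute), account, beneficiary, kind, amount)


# Constructed sample data; none of these accounts or companies are real.
KNOWN_PAYEES = {
    ("ACME-001", "Payroll Services Inc"),
    ("IMPORT-7", "Dongning Sample Trade LTD"),
}
SAMPLE_TRANSFERS = [
    _t("10:02", "ACME-001", "Tongjiang Example Economic and Trade Co., LTD", "intl_wire", 480000),
    _t("10:07", "ACME-001", "J. Doe", "ach", 9500),
    _t("10:10", "ACME-001", "Payroll Services Inc", "ach", 42000),
    _t("11:30", "IMPORT-7", "Dongning Sample Trade LTD", "intl_wire", 120000),
    _t("12:00", "SCHOOL-3", "Berlin Books GmbH", "intl_wire", 3000),
    _t("15:00", "ACME-001", "New Vendor LLC", "ach", 1200),
]

if __name__ == "__main__":
    for t, reason in review_queue(SAMPLE_TRANSFERS, KNOWN_PAYEES):
        print(f"{t.when:%H:%M} {t.account} -> {t.beneficiary} (${t.amount:,}): {reason}")
```

The customer with an established trading relationship (IMPORT-7) is not flagged, which keeps the rule aligned with the alert's emphasis on clients with no prior transaction history.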

Malicious use of subdomain services surges

The malicious use of subdomain services by phishers nearly doubled in the second half of 2010, with phishing gangs using these services about as often as they register domain names, according to the Anti-Phishing Working Group (APWG).


Subdomain registration services give customers subdomain “hosting accounts” beneath a domain name the provider owns. These services are sold, managed, and regulated differently from regular domain names. There were 11,768 phishing websites hosted on subdomain services in the second half of 2010, up 42 percent from the first half of 2010, accounting for the majority of phishing in some Top Level Domains (TLDs).

The increase during the half was notable, as this number had generally remained stable since the second half of 2008.

The 2H2010 total is slightly less than the 12,971 phish found on maliciously registered domain names purchased by phishers at regular domain name registrars in 2H2010. If included in the total of conventionally established domain names, abusive subdomain names would comprise some 22 percent of all domains deployed for phishing attacks.


Over 40 percent of attacks using subdomain services occurred on CO.CC, based in Korea, despite the fact that CO.CC is generally responsive to abuse reports. Phishers are probably attracted to CO.CC because CO.CC registrations are free, easy to sign up for, come with DNS service, and there are features to assist with bulk signups. As of the publication of the report, CO.CC supports more than 9,400,000 subdomains in more than 5,000,000 user accounts.

The report also reveals that two free services were heavily abused by phishers in order to create phishing sites: the .TK domain registration service and the CO.CC subdomain service. Nearly 11 percent of all phishing attacks utilized these relatively little-known services.

Other findings in the report include:
  • In 2H2010, the average and median uptimes of all phishing attacks spiked significantly from previous periods, and were higher than any time period since the authors began taking uptime measurements three years ago.
  • Phishers are attacking Chinese e-commerce sites and banks aggressively, and are distinguished by preferentially registering new domain names, rather than using compromised Web servers like most phishers do.
  • Shutting down the availability of .CN domain names did not stop phishing that victimizes Chinese Internet users and Chinese institutions. Rather, it seems to have merely shifted the phishing to other top-level domains.

Sony PlayStation Network compromised

A week after shutting down its PlayStation Network (PSN), Sony has finally come clean and admitted that its 70 million users’ personal information has been compromised - including names and addresses, dates of birth and passwords. The company is also warning that hackers could well have gained access to users’ credit card details.


“One of the most alarming aspects of this latest major breach is the time it has taken Sony to reveal the extent of the damage”, said Ross Brewer, VP and MD, international markets, LogRhythm. “Compromised user accounts were discovered as early as 17 April and PSN was closed down last Wednesday, yet it has taken seven days to warn users that they are now at increased risk of email, telephone, and postal mail scams, as well as credit card fraud.”

The PSN breach joins Epsilon, Play.com and Lush as the latest in a long line of high profile security incidents to affect end user data.
The regularity with which they occur suggests issues in distinguishing malicious from legitimate behavior - an issue highlighted recently by security minister Baroness Neville Jones when she claimed that many organizations miss security threats because they do not know enough about their own systems to understand what normal functioning looks like.

Sony will more than likely claim that the delay was due to attempts to protect customers while investigations continued; however, as with many organizations today, the truth is more likely that adequate log management and forensic analysis were not employed.

This kind of protective monitoring is now essential as traditional security products are failing to prevent initial intrusions – organizations require solutions that can analyze 100 percent of logs, provide accurate correlation of events and a real insight into the root cause of incidents across IT networks.

An incident this size is sure to have significant repercussions for Sony. Relations with existing customers have been damaged and its ability to attract new ones reduced. Recent LogRhythm research found that 66 percent of UK customers try to avoid future interactions with organizations found to have lost confidential data, while 17 percent resolve never to deal with them again.

WordPress 3.1.2 security release available


WordPress 3.1.2 is now available. It is a security release for all previous WordPress versions.


This release addresses a vulnerability that allowed Contributor-level users to improperly publish posts.

Fixes:
  • Fix user queries ordered by post count.
  • Fix multiple tag queries.
  • Prevent over-escaping of post titles when using Quick Edit for pages.

90% of organizations have problems with password resets

With increasing numbers of remote and mobile workers, and more and more complex passwords to remember to log onto corporate networks, employees often need to contact IT support helpdesks to reset their forgotten passwords.


HTK has surveyed IT first, second and third line support managers and team leaders from a range of sectors, and found that 90% of organizations are faced with problems when it comes to password reset issues, with 5% claiming that it placed a huge drain on resources.

“Based on our previous discussions with CIOs - who typically didn’t perceive password resets as a problem - we decided to survey those in IT support who are dealing with password resets on a daily basis,” said Marlon Bowser, CEO of HTK. “The results throw up an interesting disparity in perceptions between a company’s CIO and IT support staff, with those working on the ground reporting that password-related activity takes up valuable time and resources.”

The results - from sectors including high-tech, manufacturing, banking, media and marketing - also show that 82% of organizations require their users to change their passwords quarterly or more frequently.

Despite this and various analyst reports that put the average cost to the help desk per manual password reset at anything between £30 and £50, the survey also found that 79.5% of companies still do not have an automated password reset service, such as online or IVR. And in today’s increasingly flexible workplace, it is surprising that 60% don’t offer any out-of-hours support in the case of forgotten passwords.

There are web-based options for password resets, but 67.5% had reservations about these solutions because they were either not secure enough, too complicated or because users would need web access (and a forgotten system password often means no access to the web). However, 65% said that, if reliably deployed, biometrics or voice print technology would probably or definitely play an increasing role in IT security.

Other interesting findings from the survey:
  • Of the 42.5% of respondents that found certain times of year busier for password resets, 86% thought it was busier after holidays and long breaks away.
  • Password resets cause the manufacturing, banking and media and marketing sectors the most problems.
  • In organisations with a 1,000+ user base, 100% of respondents felt that password resets cause IT support at least somewhat of a problem, with over 10% saying that they caused a huge drain on resources.

GFI Software adds SharePoint log management to GFI EventsManager 2011

GFI Software announced it has added enhanced security and compliance features to GFI EventsManager 2011, including Microsoft SharePoint log management, and auto-update patch management capabilities.


GFI EventsManager enables IT administrators to meet a broad array of network and data security, regulatory compliance, business continuity and e-discovery requirements by monitoring, logging and analyzing all events occurring on a network. The latest version of GFI EventsManager applies these same log monitoring and reporting capabilities to SharePoint environments.

Without a solution like GFI EventsManager and LOGbinder SP, administrators have no easy way to monitor SharePoint activity. While SharePoint offers an audit log solution, many organizations require more robust capabilities such as matching users to specific events and generating detailed reports and audits.

GFI EventsManager 2011 enables administrators to more effectively monitor SharePoint, preventing data leaks, minimizing downtime, and ensuring compliance and security practices are enforced.

LOGbinder SP - a Windows-based service that can be installed on any SharePoint server - monitors SharePoint events and translates that activity into a Windows event log. GFI EventsManager then collects the events generated by LOGbinder SP and archives the logs into one centralized database for easy management and analysis.

The new version of GFI EventsManager also includes an auto-update feature, which frequently monitors for product updates and automatically downloads and installs them.

Apr 24, 2011

Katy Perry feat Kanye West


[WiFi] How to: Crack WPA/WPA2 PSK (aircrack-ng & cowpaty) [Backtrack4]

Passively Monitoring Wireless Traffic With Wireshark and Aircrack-ng



This is a small video that I used for a demonstration during the University of Abertay Dundee Ethical Hacking Society. I thought I would upload it rather than leaving it on my hard drive. Basic idea and nothing too exciting. Locating a WEP-enabled AP, passively decrypting and monitoring the data sent via Wireshark. It's a very simple procedure and should be used only for educational purposes.

Apr 22, 2011

New York Earth Day celebrates with "virtual" forests


A "virtual" forest sprouting on Times Square's renowned billboards, 1,000 free rain barrels for gritty city backyards and a parade of clean energy vehicles including hybrid garbage trucks are all helping New Yorkers go green for Earth Day on Friday.
Earth Day New York's managing director Joanne Black said accompanying giant forest images of dense vegetation and nature in the quintessential lit-up, crowded and chaotic urban landscape of Times Square will be "a visual call to action."
On Saturday, supporters of the environment can text message "tree" to the number 85944, pledging $5 for the United Nations' Year of Forest. The running tally will play out on large screens supplied by corporate sponsors including CNN, MTV, Reuters and Toshiba.
The one-time $5 donation will be debited from cell phone bills to fund the planting of trees in degraded lands as far afield as Mexico, Kenya, India and the Philippines.
"It's rare for so many companies to give up their screens," Black said of the colossal, often dazzling billboards that hover above the so-called crossroads of the world and are seen by tens of thousands of people daily. "For this, they have."
"We hope to engage a broad segment of the public and show that even a small contribution can really make a difference," Earth Day New York Executive Director Pamela Lippe said.
Although the Times Square Alliance does not keep a figure on the total amount of electricity used by the billboards - which are run independently of one another - a spokesman said the billboards used today run on considerably less energy than those used in previous years.
On Friday, a convoy of more than 30 electric and alternative fuel cars, including an Inizio, the world's fastest electric sports car, will tour Manhattan, their GPS-tracked progress followed on the Times Square screens.
The route will form the letter "E" -- for environment, a take on Earth Day New York's slogan, "Be the E".
Hybrid vehicles from the city Departments of Transportation, Parks, and Sanitation will escort the Inizio, along with a privately owned, completely electric DeLorean similar to the one featured in the "Back to the Future" films.
New York's myriad Earth Day celebrations come as Mayor Michael Bloomberg's administration moves to make the city, often seen as grimy and polluted, more environmentally friendly and sustainable.
On Thursday, Bloomberg announced several additions to his long-term "PlaNYC" campaign to make the city greener, including a "clean heat" campaign to encourage conversion to cleaner fuels in place of heavy heating oils, which pollute the air with fine particulate matter known as PM 2.5.
Officials say a 10 percent reduction in PM 2.5 could prevent 300 deaths, 200 hospital admissions and 600 emergency department visits from airborne pollution each year.
The free rain barrel program for residents of the four boroughs outside Manhattan began last week and is meant to help fight water contamination by minimizing flow to city sewers.
Officials hope homeowners will use them to water their lawns and gardens.

Apple to beat Google on cloud music: sources







Apple has completed work on an online music storage service and is set to launch it ahead of Google Inc, whose own music efforts have stalled, according to several people familiar with both companies' plans.
Apple's plans will allow iTunes customers to store their songs on a remote server, and then access them from wherever they have an Internet connection, said two of these people who asked not to be named as the talks are still confidential.
The maker of the wildly popular iPhone and iPod, Apple has yet to sign any new licenses for the service and major music labels are hoping to secure deals before the service is launched, three of the sources said. Apple has not told its music partners of when it intends to introduce its music locker, they said.
An Apple spokesman declined to comment.
Amazon.com Inc launched a music locker service earlier in April without new licensing agreements leading to threats of legal action from some music companies. At the time, Amazon argued that its so-called Cloud Drive service does not need licenses, and said uploaded music belongs to the users.
Last week, however, Amazon held talks with some labels to reach agreements for a new, more sophisticated locker service.
Apple, Amazon and Google are battling for control of new digital media platforms through which everyday users will access their music and videos.
While Amazon is the leading e-reader maker, Apple and Google are competing on mobile platforms like smartphones and tablet devices.
Google had been expected to launch a music service as a feature of its Android mobile operating system as far back as last Christmas.
"They keep changing what they're asking for," said a label executive who asked not to be named because the talks are confidential.
Two of the sources said Google originally wanted to launch a basic locker service and an 'iTunes-like' store. In recent weeks it has suggested exploring licensing for a subscription service, they said.
Talks are ongoing with major music labels including market leader Universal Music Group, owned by Vivendi, as well as Sony Corp's Sony Music Entertainment, Warner Music Group and EMI Group.
Music industry executives are pointing to changes in top management at Google as a possible reason for the technology company's uncertain music strategy. On April 1, co-founder Larry Page took over as chief executive with Eric Schmidt moving up to executive chairman. Android chief Andy Rubin led most of the early talks with the labels.
Apple and Google are keen to offer services that give music fans more flexibility to access their media wherever they are rather than tying them to a particular computer or mobile device.
In late 2009, Apple bought Lala, a cloud-based music company, but closed it down in April 2010, leading to speculation that it would launch an Apple-branded cloud service.
Earlier this month, Google bought Canadian mobile music company PushLife as part of its drive to help Android users share and purchase content across devices. Last May, Google also bought Simplify Media, a remote media company, but has since closed it down.

GFI VIPRE Antivirus integrated into OPSWAT MetaDefender

OPSWAT has added GFI VIPRE Antivirus technology to its MetaDefender solutions portfolio. OPSWAT enhanced its malware detection capabilities by incorporating the award-winning VIPRE Antivirus engine into its MetaDefender Threat Analyzer, MetaDefender for Media and Metascan products.


VIPRE Antivirus protects users from all types of malware threats including viruses, adware, spyware, worms, and rootkits. Through ATG, GFI licenses the VIPRE Antivirus engine and other industry leading security detection and analysis tools to OEMs, ISVs, service providers, enterprises and government agencies worldwide. ATG partners incorporate GFI technologies for use in the products they develop for resale or as critical components of their own internal IT security practices.

“The MetaDefender products will help introduce VIPRE Antivirus to OPSWAT’s diverse customer base, which includes FORTUNE 500 companies, government agencies and leading hardware and software producers,” said Chad Loeven, vice president, Advanced Technology Group, GFI Software. “Malware detection is of paramount concern for these companies, but it is rarely a core competency. That’s why they rely on GFI’s Advanced Technology Group and our partners to integrate VIPRE into their own products and systems.”

ATG’s specialized threat analysis and defense solutions include:

GFI Sandbox – An industry leading analysis tool that enables security professionals to assess suspected malware, its behavior and its potential threat within a controlled, monitored environment. GFI Sandbox enables users to see how potential malware applications execute, what system changes they will make and what network traffic they attempt to generate without risking actual loss of data or compromising a network. GFI Sandbox is used by government and defense agencies, as well as large enterprises like financial institutions to identify and defend against targeted attacks on their systems.

GFI ThreatTrack – Continuously updated data feeds generated by GFI’s extensive partner network and internal research provide subscribers with the latest malicious websites, IP addresses and malware. ThreatTrack users proactively identify and defend against harmful URLs, emails and other Internet traffic threatening their network. ThreatTrack is available as a stand-alone data feed, or it can be licensed for inclusion in third-party security products or as an add-on service with GFI Sandbox.

VIPRE Antivirus SDK – A powerful, best-of-breed antimalware Software Development Kit (SDK) that enables OEM partners, ISVs, service providers and enterprises to integrate the VIPRE Antivirus engine into their products or custom applications developed for internal use. The VIPRE Antivirus SDK is available for Windows desktop applications and gateway appliances defending the network.

Encrypted text messaging for BlackBerry and Android

ProtectedSMS enables BlackBerry and Android users to exchange secure, encrypted text messages with individuals who have installed the software.


Unlike other secure texting solutions that require a subscription through a third-party security gateway, ProtectedSMS is a handset-to-handset solution that keeps privacy in the control of users and works across all networks and carriers. It installs quickly and is as easy to use as sending a text message.

Developed for law enforcement, government and corporate professionals who require secure and convenient message protection, ProtectedSMS utilizes AES 256 FIPS 140-2 compliant encryption, and is available via individual and enterprise licenses.

Protected Mobility's key management and encryption process enables easy transfer of existing client applications to a secure mobile platform. An iPhone version of ProtectedSMS will be available later in Q2 2011 along with tablet and iPad versions.

Individual licenses are $49.95 per user, with a free 14-day download available here.

Facebook announces two-factor authentication

Facebook will be rolling out a two-factor authentication option which, once turned on, will ask users to enter a code when they try to log into the social network from a new device. No details were shared on when the option will be available to all or how it will look.

The news was announced by Facebook's director of engineering Arturo Bejar on the company blog, along with the change that will make Facebook automatically switch the user's session back to HTTPS after he or she is done using an application that doesn't support it.

As you might remember, when Facebook offered the HTTPS option in January, it took only a few weeks for a glitch that automatically deselects the secure browsing option to be unearthed. Hopefully, this improvement will mark the end of those problems.

Although, judging by the comments under the post, there are many who still believe that the HTTPS option - which is still opt-in - should be set to default, even if it interferes with some of the things Facebook offers.

Android and iOS downloadable Microsoft PlayReady-based DRM solution

AuthenTec announced the first Microsoft PlayReady-based downloadable DRM client solution for Android and iOS devices.

The offering is now part of its Downloadable DRM Fusion Agent being deployed as a downloadable application that can be distributed by various application stores.

The solution supports file-based PlayReady protection including progressive downloads, and PlayReady-protected adaptive video streaming to support both Smooth Streaming and HTTP Live Streaming. AuthenTec also offers PlayReady servers with content packaging tools to provide an end-to-end PlayReady-based DRM solution.

DRM Fusion Agent, already deployed by major mobile operators around the world, allows operators to deploy secure content services and to limit license fees only to clients who opt for premium services, reducing DRM implementation costs and time to market.

It also enables media companies and high-value content providers to more quickly achieve revenue from service deployment by eliminating dependence on mobile phone and device manufacturers for embedded DRM protection. AuthenTec’s solution allows distributing protected high value content in a single uniform and secure way for all the supported platforms and devices.

AuthenTec offers content protection and packaging, licensing and key management for multiple mobile device platforms and operating systems. The company offers complete security solutions for the mobile market including embedded and downloadable DRM content protection, mobile VPN client solutions, identity management software, and smart fingerprint sensors that are used in more than 15 million mobile phones.

Microsoft PlayReady is a content access and protection technology designed to support a wide range of digital entertainment content, products, services, and devices. PlayReady technology is optimized for the mobile industry to support the growth of online content scenarios, and includes features designed to make it easier than ever for consumers to enjoy mobile digital entertainment.

Carder pleads guilty to hacking and selling stolen card numbers

A carder and hacker who was arrested in 2009 by the Secret Service for trying to sell 40 stolen card numbers to one of its undercover agents has pleaded guilty to access device fraud and aggravated identity theft charges.

The 26-year-old Georgian native Rogelio Hackett, Jr., has admitted that he had been selling credit card numbers online on IRC and a variety of criminal forums, and that he hacked into the servers of an online ticket seller and stole information on some 360,000 credit card accounts.

According to Wired, he said that he had been hacking computers since the late 1990s, but began to do it for profit around 2002.

When the authorities searched his home after the arrest, they found over 675,000 stolen credit card numbers in his possession. He was selling the numbers for $20-$25 apiece, and over the years he earned himself more than $70,000 this way. He also managed to collect $80,000 via Western Union money orders placed by collaborators using the stolen card numbers.

The investigators have calculated that the total sum stolen using the credit card numbers found in Hackett's home reaches $36 million.

Hackett is facing 10 years in prison and a $250,000 fine for the access device charge, and two years in prison and a $250,000 fine for the identity theft charge. Sentencing is scheduled for July 22.

Apr 16, 2011

PS3: a resounding success against Xbox 360 and Wii


Sony's PlayStation 3 game console appears to be a resounding success, with sales figures that would exceed those of the Nintendo Wii and Microsoft's Xbox 360. The PS3's success also comes with the new motion-sensing controller, PlayStation Move, which has allegedly sold 8 million copies over the last 6 months. PS Move, on sale since September 2010, is now compatible with over 150 games. The Japanese manufacturer Sony will soon round out its offering with highly anticipated releases such as SOCOM 4: U.S. Navy SEALs.

Chinese Facebook, Renren, shoots for U.S. IPO


China's largest social network, Renren, filed for a U.S. initial public offering to raise up to $573.1 million, the first of a clutch of Facebook clones hoping to boost their profile with an American listing.
Renren, owned by Oak Pacific Interactive, hopes to tap strong appetite for Chinese tech stocks. Online video company Youku.com Inc, known as China's YouTube, surged 161 percent on its debut late last year, locking in the best first-day returns of an IPO in five years.
China's Internet sector -- the world's largest by users -- is red hot because it is difficult for outside competitors to overcome the political and cultural barriers to operate there, but some analysts warn of a bubble forming.
Renren's website -- sporting some 117 million registered users -- is similar to Facebook's as it allows users to share locations with friends, "like" something and post updates.
Sources have said that rival social network Kaixin001 also plans to list, but has not gone through the process of selecting banks.
Social networking sites have grown in popularity in China in recent years, gaining most of their revenue from online advertising. They benefit from an ecosystem closed to major foreign competition, with Facebook and Twitter banned in the world's second-largest economy.
But the market is getting increasingly competitive with more than 100 social networking sites operating.
Two social networking sites shut in 2010 due to cash flow issues, local media reported. The industry is also fraught with regulatory and legal risks as China seeks to control the flow of information online.
Renren and some of its shareholders are offering about 52.1 million American Depository Shares (ADS). The company expects the IPO to be priced at between $9 and $11 per ADS.
It intends to list on the New York Stock Exchange under the symbol "RENN". Underwriters for the IPO include Morgan Stanley, Deutsche Bank Securities and Credit Suisse.
In the filing, Renren said its website had about 117 million activated users as of March 31, 2011.
Oak Pacific also owns Nuomi, a website featuring daily deals similar to the popular U.S. website Groupon.
In 2010, Renren had revenue of about $76.5 million and a net loss from continuing operations of $61.2 million including some charges.

Apple updates Safari, MacOS X and Xcode

When Apple updates its products, it does not do things by halves! On Thursday evening, the Cupertino company posted updates for Safari, now at version 5.0.5, and for Snow Leopard and Leopard, in both client and server versions, and also released the latest iteration of its developer tool, Xcode 4.0.2.

These updates are designed primarily to improve the security of various Apple products. The computer software updates are available either via the Mac OS system update or directly on Apple's site.

Apr 15, 2011

Office workers clueless about IT in general


Many office workers are not as tech or security aware as they could be, according to a new survey. When asked what cloud computing meant, a quarter thought it was a data centre in the sky. A fifth thought it was something that Microsoft advertises, 10% global warming caused by overheating computers and 10% guessed it was a trendy club in SoHo.


Only 35% of respondents to an Infosecurity Europe survey thought it was a new way to access IT services over the internet.

In answer to the question ‘What makes smartphones smart?’ a third of commuters thought it was because they look really cool, 46% correctly said it was because they can run applications and also email and web browsers, 9% said it was because they use artificial intelligence. A small minority said it was because smartphones can tell the time in 137 languages or contain nanobots.

When asked what Android is, a third said a new science fiction movie, 10% a new robot invention and 17% said it was Darth Vader’s father! Only 4 out of 10 people correctly said it was an operating system for mobile phones.

Claire Sellick, Event Director for Infosecurity Europe, said, “It was surprising that when asked what a computer cracker was, a fifth thought it was a new food for technology freaks, a third a powerful new computer chip, and a few said it was slang for a cocaine user. Only 46% gave the correct answer of someone who breaks into computer systems illegally. Those on the dark side of IT often prey on people's ignorance.”

Many commuters also did not have a clue about malware either, as a third thought it was a new form of advertising on mobile phones, and a fifth clothes made from recycled materials. Only 30% said it was software designed to harm their computer, and the rest said it was a viral infection.

When asked about how they use phones for work, 90% of people said they now have work-related information saved on their home computer or personal mobile, and 81% said they kept sensitive information from their employers on their personal mobiles. Only 4 out of 10 said the data was protected by encryption. Half of people knew the password for their phone, whilst a third did not use one and 17% could not remember what it was.

When asked whose data they thought was most important to protect, four fifths said their own data and only 16% said sensitive customer data, and 5% their employer’s data.

Many found defining “Consumerisation of IT” tricky; the majority thought it was buying too many computers, iPhones, iPods, games, televisions and gadgets. A fifth were nearly correct in answering, ‘it was consumers who make their own IT’. A few thought it was using up all their computer's disk space. Just 22% gave the correct answer of “People using their own IT at work as it is better than their employer's”.

A third thought virtualization was a 3D game, 22% a new way of problem solving and 12% a form of hypnosis. A third correctly identified virtualization as the creation of a virtual version of hardware, software or an operating system.

The survey of multiple-choice questions was carried out with 1000 business commuters at London Victoria, Kings Cross and Liverpool Street train stations in April 2011.

Asure ID 7 released


HID Global released Asure ID 7, the latest update to its card personalization suite of software.

Asure ID 7 includes new features and enhancements to the user interface, while still utilizing a Microsoft Ribbon look and feel that is built on the Microsoft .NET technology platform for stability and interoperability.


New features include the addition of Swift ID template importing, resin panel capabilities, iCLASS encoding support and an industry-unique feature which automatically notifies users of updates. Significant enhancements have been made to the reporting engine and to the iDIRECTOR module that allow users to build custom reports and easily integrate unique applications to both iCLASS and MIFARE cards.

Asure ID 7 includes four versions tailored to the various needs and sizes of an organization:

Asure ID Solo - Easy to use and perfect for entry-level card personalization, Solo is loaded with useful features to improve the issuance and basic management of photo IDs.

Asure ID Express - The ideal choice for organizations looking for affordable photo ID card software with advanced card design and batch printing capabilities.

Asure ID Enterprise - Featuring Live Link for large organizations that require multiple workstations to share a common database over a network in real time.

Asure ID Exchange - Designed for the most sophisticated secure credential applications combining Live Link advanced database support and iDIRECTOR technology card design for smart card deployment.

Endpoint backup, recovery and data security


i365 launched EVault Endpoint Protection (EVault EP), an integrated cloud-connected backup, recovery, and data security solution that protects endpoint devices.


EVault EP not only automates laptop backup and recovery, but also helps you control the valuable data spread across your mobile workforce through powerful security capabilities, including local file encryption, remote data deletion, port access control and device tracing if a laptop is lost or stolen.

Laptops are ubiquitous in organizations but have a high risk of loss or theft. EVault EP allows you to lock down data on every PC and laptop, ensuring critical corporate information is secure when a device disappears. As a cloud-connected solution, endpoint data is automatically backed up to the Cloud and can easily be recovered by end users.

The solution offers policy-based centralized administration and self-service management to help IT attain that perfect balance of corporate control and end user independence.

EVault Endpoint Protection features and benefits include:

1. Endpoint data lockdown
  • Keep data safe: Disk encryption and port access control shut down data leakage.
  • Track the PC down: Device tracing monitors laptop communication with the protection server.
  • Wipe it clean: Remote data deletion permanently “shreds” sensitive information if a laptop has been lost or stolen (on command or by policy).
2. Worry-free backup and self-service recovery
  • Continuous backups protect endpoint data without disrupting users.
  • Friendly, simple interface lets end users quickly handle their own backups and recoveries without having to contact IT.
  • Local availability of the backups ensures that, even when a laptop user is disconnected, EVault EP keeps working.
  • Cloud-Connected solution automatically moves data offsite for business continuity and disaster protection.
3. More oversight, less overhead
  • Centralized policy-based administration allows IT to deploy and manage a solution that won’t drain its resources: staffing, network, hardware or storage.
  • No data block is backed up twice. Block-level incremental backups with global de-duplication minimize bandwidth usage and storage footprint.
  • Cloud solution frees up storage, compute and staffing resources.
“EVault Endpoint Protection is the next chapter of our EVault Cloud-Connected data protection story, extending protection to the very edge of the organization – the mobile worker,” said George Hoenig, vice president, product operations and services, i365. “Our customers have been struggling to find an endpoint solution that is both secure and easy to manage. EVault’s new solution protects, backs up and recovers all valued data resources - from the largest servers to the laptops used by every employee. EVault Endpoint Protection further solidifies EVault as a comprehensive, full-service, data protection solution.”

GFI Software solutions now available through the Intel Hybrid Cloud

GFI Software has collaborated with Intel to make GFI VIPRE Antivirus, GFI LANguard, GFI EventsManager and GFI EndPointSecurity available through the Intel Hybrid Cloud. SMBs are increasingly aware of the cost savings and efficiencies they can gain by adopting cloud-based IT solutions.


The Intel Hybrid Cloud enables GFI Software to take advantage of that rising demand and the recurring revenue it generates from subscription-based pricing.

“As more and more SMBs adopt cloud-based solutions to cut costs and streamline operations, GFI Software is evolving its own software delivery and pricing models to support them,” said Walter Scott, CEO of GFI Software. “For the cloud to successfully gain traction in the SMB market, it needs to be easy to deploy, cost effective, reliable and backed by a trusted industry leader. Intel is a name all SMBs know and respect. Participating in the Intel Hybrid Cloud program ensures GFI Software is well positioned to lead SMBs into the cloud.”

“Through the Hybrid Cloud, Intel is offering VARs and MSPs access to the core solutions a small business needs via a software-as-a-service model,” said Bridget Karlin, general manager, Intel Hybrid Cloud. “Whether it’s email, security, VoIP, an office productivity suite or accounting software, we’re creating a market place for SMB applications from industry solution providers like GFI Software. With the applications announced today, and more to be added in the coming months, GFI Software helps diversify and add a tremendous amount of depth to the Intel Hybrid Cloud offering.”


Apr 14, 2011

Apple iOS 4.3.2 released


Apple iOS 4.3.2 is now available for iPad, iPad 2, iPhone 3GS, iPhone 4, as well as 3rd and 4th gen iPod touch users.


This version fixes an issue that may have caused blank or frozen video during FaceTime calls. It also resolves the problem preventing some international users from connecting to 3G on their iPads.

Verizon iPhone 4 users got a unique update with a version of iOS 4.2.7.

The iOS 4.3.2 update also includes the latest security fixes.

Next Safari version will include do-not-track tool

Safari is the latest of the top four most popular browsers to receive a do-not-track privacy tool.


So far, the feature is still being tested by developers, but if everything goes according to plan, it will be included in the next version of Mac OS X (Lion) due to be released in the summer.

Of the top four most used browsers - Microsoft's Internet Explorer, Mozilla's Firefox, Google's Chrome and Apple's Safari - Google is the only company that has yet to decide to add a do-not-track tool in its browser.

According to the Wall Street Journal, Google says it will still be closely involved in the discussion about whether do-not-track tools should be offered with browsers, which is actually understandable since Google has a major stake in the market of online advertising.

Google's spokesman also pointed out that the company offers an add-on for Chrome called "Keep My Opt-Outs", which lets users request that their data not be used for targeted advertising.

Even if it seems that there is not much point for tools like these - since they only work if online advertising agencies agree to respect do-not-track requests from browsers, and the majority of them haven't yet - I agree that the realization of the idea must start somewhere, and you can bet anything on the fact it would never have started with the advertising agencies.

Smart grid cyber security revenue to rise

If smart grids can realize their full potential, consumers, utilities, nations, and even the earth itself will benefit. As with nearly any new technology, the industry focus has been on getting smart grids up and running, often with little consideration for cyber security issues.

However, a new report finds that investment in securing the grid from malicious attacks, natural disasters, and other accidents is picking up pace.

Pike Research expects that smart grid cyber security spending will increase 62% between 2010 and 2011, and by 2015 the annual worldwide market spending in this critical sector will reach $1.3 billion.

“Smart grid cyber security is significantly more complex than the traditional IT security world. It is a common misperception that IT networks and industrial control systems have the same cyber security issues and can be secured with the same countermeasures. They cannot,” says senior analyst Bob Lockhart. “To successfully secure the electrical grid, utilities and their key suppliers must design solutions that effectively bridge the worlds of information and operations technology.”

Lockhart adds that effective smart grid cyber security deployments will address a wide variety of key issues:

  • Stronger identity management
  • Multi-factor authentication on powerful consoles
  • Computer incident response
  • Change management, asset management, and configuration management
  • Business continuity planning
  • Defense-in-depth for IT and ICS networks
  • Stronger security on SCADA control systems
  • More secure interfaces between IT and ICS networks
  • Video monitoring capabilities for substations and control rooms
  • End-to-end encryption of data from the home area network (HAN) to the utility central site
  • Need to prevent worms from spreading through smart meters
  • Stronger cyber security software on smart meters
  • Resiliency throughout the advanced metering infrastructure (AMI)
  • Data integrity for electric vehicle recharging transactions
  • Data privacy for electric vehicle billing data and recharging transactions
  • Security awareness education for all affected employees.
Over the next few years, Pike Research anticipates that growth in the smart grid cyber security market will produce opportunities not only for hardware and software sales, but also for a number of new professional services opportunities. These service offerings will help utilities navigate the minefield of threats and challenges that pose fundamental risks to the integrity of the grid infrastructure.

The complete report is available here.

External cyber security risks to surpass insider threats


57 percent of global C-level executives agree that in the next one-to-three years, external threats such as cyber-criminals will become a greater security risk than insider threats, according to Cyber-Ark.

In addition to expanding awareness about the risks associated with cyber espionage or advanced persistent threat (APT)-type attacks, internal threats still represent a security challenge for many organizations today.


Consider that nearly one in five of C-level respondents admitted that cases of insider sabotage had occurred at their workplace. 16 percent believe that competitors may have received highly sensitive information or intellectual property including customer lists, product information and marketing plans from sources within their own organization.

The temptation to snoop remains

With recent high-profile attacks that targeted privileged accounts and passwords, like the RSA Security breach, awareness and a sense of urgency will continue to increase around the need to better monitor and control those powerful accounts.

Specific results from global IT staff surveyed found that one quarter (25 percent) said their use of privileged accounts is still not being monitored.

A survey response that has remained fairly constant over the years is identifying the departments most likely to snoop around the network to look at confidential information. With their broad reach and highly privileged, anonymous access to various networks, systems and applications, nearly half (48 percent) of all global respondents chose the IT department as the most likely to snoop. Respondents said that managers were the next most likely (10 percent) followed by human resources (7 percent).

The following results compare “snooping” habits of IT staff around the world:
  • When asked if they had ever accessed information on a system that was not relevant to their role, 28 percent of North American IT staff respondents admitted to snooping, while an even greater number in EMEA, 44 percent, admitted to the same behavior.
  • Similarly, 20 percent of North American respondents and 31 percent of EMEA respondents said that they or one of their colleagues had used an administrative password to access information that was otherwise confidential or sensitive.
A new question added to this year’s survey focused on measuring how respondents’ perception of privileged account security has changed in light of data breach notification laws.

According to the results, 77 percent of North American IT staff said their perceptions have changed, while far fewer in EMEA, 24 percent, felt the same way.