Computers still vulnerable to hackers of start-up codes

Posted at 08/03/2014 1:00 PM | UPDATED as of 08/03/2014 1:00 PM

SAN FRANCISCO — A multi-year effort to prevent hackers from altering computers while they boot up has largely failed because of lax application of preventive steps, researchers say, despite disclosures that flaws are being exploited.

In the latest sign that the problem persists, researchers at the federally funded MITRE lab said this week that many customers of Intel Corp. still had not adopted revised security designs Intel distributed in March after the MITRE team found new vulnerabilities in the start-up process.

That could mean many newer Windows computers remain exposed, the MITRE team told Reuters ahead of a presentation at the Black Hat security conference in Las Vegas this week.

Intel’s point person on the issue, Bruce Monroe, said he did not know how many suppliers and computer makers had followed Intel’s recommendations.

“We’re not privy to whether they’ve fixed it or not,” Monroe said. “We asked them to let us know.”

The stubborn glitches illustrate how such well-funded spying programs as those exposed by former National Security Agency contractor Edward Snowden can continue to succeed against targets that depend on a complex supply chain.

Long before Snowden’s documents began appearing in the media, professional technicians and U.S. officials were concerned about the vulnerabilities that left computers severely exposed as they are turned on.

Years ago, then-U.S. National Security Agency Director Keith Alexander privately urged the chief executives of major American technology companies to do something about the boot-up procedure known as the Basic Input/Output System, or BIOS. BIOS relies on firmware, or permanent software that ships with computers.

Because the start-up code is given more authority than the operating system, hackers who break into that code can make major changes to programs and hide evidence of their presence. Lodging there also all but guarantees what the security industry calls persistence – the ability to remain inside even after a computer is turned off and rebooted.

Intel, Microsoft Corp. and other companies promoted a successor system known as the Unified Extensible Firmware Interface that includes a feature called “secure boot,” which checks for digital signatures before running code. Microsoft’s Windows 8 operating system has embraced UEFI and secure boot, bringing the hardened approach to more than 60 million new computers.

Even as that rollout was accelerating, though, evidence accumulated that attacks similar to those theorized by researchers were actually under way.

In 2011, several research firms identified one such piece of malicious software, called Mebromi, that primarily attacked Chinese computers with a type of BIOS from leading supplier Phoenix Technologies Ltd.

Early last year, Reuters saw a catalogue from a U.S. defense contractor that included a product, offered at more than $100,000, for incapacitating target computers by attacking BIOS and other critical elements.

And in December, Der Spiegel reported that a leaked internal NSA catalogue described a tool called DeityBounce that attacked the BIOS of Dell Inc servers.

That came months after a presentation at last year’s Black Hat security conference in which MITRE researchers including Corey Kallenberg and Xeno Kovah broke into Dell’s boot-up process.

In a joint interview, Kallenberg and Kovah said that in the year since that talk, they had deployed sensors to about 10,000 computers to determine whether boot-ups were still vulnerable to that flaw or related issues. As of last month, 55 percent of them still were.

But the actual percentage of vulnerable machines in the world is even higher, because the MITRE group has not been checking for flaws stemming from the issues it found more recently with Intel’s old UEFI guidelines, which permitted an attack through memory corruption.

“That number is going to go up a lot,” Kovah said of the percent of affected computers.

Intel’s Monroe said that although his company, the BIOS makers and most of their customers were not used to distributing and installing fixes, improvements were coming, starting with a fledgling industry-wide incident response team led by Phoenix.

Kallenberg and Kovah said it would help if the National Institute of Standards and Technology moved beyond general warnings and provided links to verified fixes.


Microsoft wants you to forget Windows 8

according to http://www.computerworld.com/s/article/9249971/Microsoft_wants_you_to_forget_Windows_8

Computerworld – As talk of the next Windows begins to build and some details of what most are calling for now either Windows 9 or Threshold come into focus, it’s worthwhile to take a moment to remember Windows 8.

Because Microsoft will want everyone to forget it. And we will.

Unless the Redmond, Wash. technology company radically changes its habits, it will throw Windows 8 down a memory hole even before the successor ships. Just like it made Vista persona non grata in its official messaging in 2009, it will shove Windows 8 so far into the background that we’ll need the Hubble telescope to find it.

Not that that’s unusual. All companies fake amnesia to a stunning degree, even when what they want to forget — more importantly, what they want customers to forget — was once trumpeted with Joshua’s band. Ford tossed the Edsel into the don’t-mention file, Coca-Cola did the same with New Coke, Apple erased the Performa and Ping from its corporate memory, and IBM would be hard pressed to admit it ever knew the PCjr or OS/2.

It’s always about next year’s shiny object, not last year’s.

Vista redux

To see the future for Windows 8, look at how Microsoft treated Windows Vista — the 2007 edition that launched late and quickly garnered negative reviews that painted a reputation from which it never recovered.

In the months leading up to the launch of Windows 7, Vista’s successor — and a wildly successful one at that — Microsoft came close to banning the word “Vista” from press releases, its most official line of communications to the media, investors, partners and customers.

From January through October 2009 — the latter was Windows 7’s launch month — Microsoft mentioned “Vista” in just one press release headline or the single-line synopsis accompanying a headline. During the same stretch, Microsoft used “Windows 7” 16 times.

In comparison, three years later, during the January through October 2012 run-up to Windows 8’s debut, Microsoft mentioned “Windows 7” in 6 press release headlines or summaries, and used “Windows 8” 14 times.

So while a failure, as judged by Microsoft, was outnumbered 16:1 in mentions, a success, also as implicitly labeled by Microsoft, was bested by only about 2:1.

Expect the former for Windows 8. In fact, it may already have started as Microsoft preps for 8’s successor, called “Threshold” by long-time Windows watchers: Since the first of the year, Microsoft has mentioned “Windows 8” in its press release headlines or summaries just 6 times, on pace for 11. During all of 2013, Microsoft referenced the edition 16 times.

The second half of the year will be especially telling if, as often-in-the-know bloggers like ZDNet’s Mary Jo Foley have contended, Threshold is to launch in the spring of 2015. With just over seven months until the start of March 2015, eight to April, it’s coming up on the time that Microsoft changes messaging from the past to the future.

Time to go silent on Windows 8

There is evidence that Microsoft has begun deemphasizing Windows 8.

In his mission statement of July 10, CEO Satya Nadella mentioned no specific edition of Windows on the desktop, using simply “Windows” when he wasn’t talking about “Windows Phone” or “Windows Server,” or relegating Windows to secondary status in the newly-minted Microsoft he envisions. Windows 8 was also AWOL among the speeches Nadella and other Microsoft executives made the following week at the company’s Worldwide Partners Conference, and was the subject of just three sessions out of more than 450 offered to attendees.

During this week’s earnings call, Nadella referenced “Windows 8.1” just twice, both in the past tense. “In April, we released an update to Windows 8.1,” he said of the refresh aimed to mollify enterprise users.

That’s no surprise: Not only has Microsoft acknowledged that its share of all computing devices — smartphones, tablets, personal computers — now hovers at 14%, a far cry from its near monopoly as late as 2010, but the company certainly understands how poorly Windows 8 has performed even within the small segment composed of desktop and notebook computers.

The newer OS has outsold Vista, certainly, about 31% better according to calculations based on stated sales milestones that were then turned into per-month figures for Windows 8’s first 16 months and Vista’s first 19. But Windows 8 has lagged far behind its predecessor, Windows 7. The latter bested Windows 8 by 113% on a per-month basis calculated for its first 15 months.

 

Now, a camera that ‘clicks’ smells

LONDON: What if you could recapture the aroma of that freshly baked birthday cake, or the whiff of your lover’s shampoo? It may be possible with this new camera! Researchers in the UK have developed a camera that can capture the scent of your memories, recording smells instead of images. 

The gadget, called Madeleine, is the invention of designer Amy Radcliffe at Central Saint Martins, who set out to bring a more meaningful sensory dimension to storing our favourite memories, the Guardian reported.

“The sense of smell has a direct link to emotional memory. It is the sense we react to most instinctively, and the furthest away from being stored or replicated digitally,” Radcliffe told the newspaper.

In order to use the camera, a person needs to place a funnel attached to the camera over the object or environment they wish to capture. Then a pump sucks the air across an odour trap made of Tenax — a porous polymer resin which adsorbs the particles that make up the smell. 

The working prototype can take anything from a few minutes to capture the ravishing scent of fresh strawberries, to around 24 hours to store the more subtle aroma of an atmosphere.

“It’s like a huge electric nose. It processes the particles and produces a graph-like formula that makes up the smell. From this formula you can artificially recreate the precise odour,” she said.

 

 

First look: Microsoft’s latest OS Windows 8.1

By Ryan Nakashima

SAN FRANCISCO: Microsoft CEO Steve Ballmer says the latest update to Windows is a “refined blend” of its older operating system for PCs and its new touch-enabled interface for more modern, mobile devices.

After some hands-on time with it, the update seems to me like a patch over an ever-widening chasm. 

The issue is that there are over a billion personal computers that use some version of Windows as it existed until last October, when Microsoft unveiled Windows 8. All those PCs are responsive to mice and keyboards, not the touch screens and other input methods like voice and gestures that represent the future of computing. Making it easier to cross that bridge is one of the goals of Windows 8.1, a preview version of which Microsoft released Wednesday.

After spending several hours with devices running Windows 8.1, it remains unclear to me whether a touch-based environment is what traditional Windows users want to accomplish the productive tasks for which they’ve come to rely on Windows. 

But Microsoft has added to 8.1 a grab bag of fun features that make the free update worthwhile. 

One way Microsoft reaches into the past is by reviving the “Start” button in the operating system’s traditional “Desktop” mode. It appears as a little Windows icon at the bottom left corner of the screen. 

However, other than the location and its general look, the button doesn’t do what it once did. A single tap brings you back to the “Modern” interface, instead of the traditional Start menu, which used to bring up a whole host of convenient items like recent programs and commonly used folders. 

An extended press brings up a list of complex settings functions – the kind that most people would probably rather leave to their tech department if they are fortunate enough to have one. 

So, instead of bringing back a familiar environment, the revived “Start” button is mainly just another way of directing you to the new one. 

Another way Microsoft attempts to appease its established PC user base is by allowing people to launch their computers directly into the “Desktop” environment. But again, with no way to access programs except through the “Modern” interface, there is little cause for celebration among traditionalists. 

The main changes in Windows 8.1 offer an easier way to function inside its “Modern” environment, better, more integrated search results, and a hint of what’s possible in the future.

One feature that makes the new environment easier to navigate: Now, a screen called “All Apps” is just a swipe away from the “Modern” tile screen. Swiping up literally displays all the apps on the computer, not just the ones that you have made as favorites on the start screen. In the past, you had to swipe up from the bottom edge and tap another button to get there. 

Unfortunately, the “All Apps” page feels like too much. An array of icons easily covers two full screens. Although you can re-organize the apps into categories or alphabetically, there are too many to make it easy to use. 

It’s easier to use the search function, which can either be brought up by swiping in from the right edge, or just typing when in the “Modern” tile screen. 

Entertainers get terrific new billing in Microsoft’s improved search function. Type in an artist’s name, say Lily Allen, and Windows 8.1 brings up a lively and colorful sideways-scrollable page that shows big photos, her birthdate, and a list of songs and videos followed by decent-sized renditions of websites. 

Clicking on a play button alongside a song instantly plays it. You don’t have to own the song, because Microsoft throws in the feature as part of its Xbox Music service – which inserts ads unless you pay a monthly fee. You can queue up all the top songs and even add them to a playlist for listening to later. 

Windows 8.1 can also run on smaller devices, including Acer’s Iconia W3, which has an 8.1-inch screen measured diagonally and works with a wireless keyboard that also acts as a stand. In the past, screens had to be about 10 inches or longer diagonally. 

Some add-ins didn’t really excite me. The ability to resize the split-screen, which lets you do more than one thing at once, lacked pizazz. On the Acer and even Microsoft’s own Surface Pro, you can only split the screen in two, and only at fixed intervals. With the update, the screens can be half-and-half or roughly cover one-third or two-thirds of the screen, instead of one taking up a sliver as in Windows 8. 

Another feature is a predictive text function. Windows 8.1 offers up three predictions for words you are typing on an onscreen keyboard when in certain apps like Mail. To me, the feature seemed to be more annoying than useful, even though you can select the options with sideways swipes on the space bar. 

Yet another feature turned the camera into a motion detector. In one demo, Microsoft’s new “Food and Drink” app lets users swipe through a recipe with mid-air hand gestures. In practice, this often failed, sometimes turning pages in the wrong direction or not reacting at all. Still, it’s a way to struggle through a recipe if your hands are coated with sauce. 

At Wednesday’s presentation, Microsoft executives previewed future Windows functions that could come in handy, including voice recognition in apps and contextual understanding of spoken questions. 

For example, corporate vice president Gurdeep Singh Pall demonstrated a prototype travel planning app that not only showed 3-D overhead views of cities but gave computer-voice tours of various monuments. Speaking the question “Who is the architect?” brought up a webpage showing the answer, simply because the building that the architect designed was in view in the maps app. 

“Apps are going to have eyes, they’re going to have ears, they’re going to have a mouth,” said Pall.

As of this month, Microsoft says its new Windows platform will have 100,000 apps, and the company made it clear it hopes developers make even more, incorporating some of the new tools it has made available to them. 

Ballmer said in his keynote he hopes that Windows 8.1 also offers a “great path forward” for users of the millions of programs that work on older versions of Windows. By showing off a variety of enticing features of the new interface, however, it’s clear that path leads through the “Modern” world.

(The author is AP business writer)

Videogames may help students in education: Study

LONDON: Videogames could be key to keeping more disengaged youngsters interested in education, a new study has found.

The research, carried out by Lancaster University’s Faculty of Arts and Social Sciences (FASS), has shown how basing educational projects around video games can get hard-to-reach youngsters interested in learning.

The project, run by Inspire Opportunities and carried out earlier this year, involved 15 secondary schools through the Wolverhampton area Local Education Partnership. More than 100 youngsters were involved.

“If the level of outcomes from this project could be replicated across the UK, then 5,000 more young people would be likely to become interested in the video games and video effects industries each year,” said leading academic Dr Don Passey, a Senior Research Fellow and a Director of the Centre for Technology Enhanced Learning at the university.

The project found that young people, who were disengaged from learning and were likely to end up not in employment, education and training (NEET) can become re-engaged with the classes incorporating videogames.

“The details of the research have been released as part of a knowledge exchange programme, highlighting the economic impact and promoting the benefit to business and the wider community of academic research,” Professor Chris May, Associate Dean: Enterprise and Employability for FASS, added.

VoIP Trilogy (Part II): Meddling with a Mid-range VoIP service!

CompareTelecom

Taking off from where I left my trilogy, we are moving on to mid-range VoIP services here. Perceptibly, we are talking about VoIP service that is slightly more expensive than entry-level phone services, priced at mid-range on the bar with dozens of included features. VoIP providers are conceptualizing more and more mid-range service packages to provide a complete solution and scalable product line based on a single architecture that could act as an interface to traditional telephony as well as VoIP. Simplifying this, I am talking about a one-stop user interface, based upon reliable technology and infrastructure that can develop, manufacture and support a cost-effective product.

Unlike the basic ones, which are targeted towards the residential segment of the market, mid-range VoIP is basically targeted to grab the market comprising enterprises, small and medium-sized enterprises (SME), and small offices, home offices (SOHO). VoIP providers dealing in the mid-range segment have the…
