Weekly tech bulletin for week ending 2015-04-19.

Published: Mon, 20 Apr 2015 by Rad


1. Banks hide cyber crime losses, says City of London Police.

Published: April 15, 2015 legal

Banks are obscuring the true amount of money lost to cyber fraudsters, preferring to write off cyber incidents as losses, according to the City of London Police.

"Banks assess the losses sustained from customers leaving, because of security fears, greater than covering the cost of cyber crime. Only one in five cyber crimes is reported. Of those, only another one in five provoke a proper response from law enforcement agencies."

Adrian Leppard, commissioner of City of London Police

Police say cyber criminals are stealing more money online - but banks are not reporting the full extent of the theft.

Speaking at a meeting about finance firms' treatment of customers, Clayton said: "Insiders tell me the going rate is about twice the amount of money reported by banks goes walkies out of people's accounts." Banks keep this figure secret because a lot of it is recovered, he added.

Source:   www.computerweekly.com

2. 18-Year-Old Security Flaw Allows Hackers To Steal Credentials From All Versions Of Windows.

Published: April 13, 2015 security

In 1997, researcher Aaron Spangler discovered a bug in Internet Explorer that allowed an attacker to steal credentials using a protocol known as Windows Server Message Block (SMB).

Eighteen years later, a researcher on the Cylance SPEAR research team, testing a messaging app with that bug in mind, discovered a vulnerability affecting applications including Adobe Reader, iTunes, Box, and Symantec Norton Security Scan on all versions of Windows.

Redirect to SMB vulnerability

This new vulnerability, called "Redirect to SMB," allows user login credentials to be leaked from a variety of Windows applications by tricking the apps into authenticating with a rogue server. Redirect to SMB allows hackers to execute a man-in-the-middle attack on a Windows device, sending communications to a malicious SMB server, which can then produce the user's username and encrypted password.

After that, an attacker can decrypt the password and gain access to a variety of vulnerable applications. Cylance refers to it as a "forever-day" vulnerability, because the original bug has been an ongoing threat since its discovery in 1997. While Spangler's bug was limited to Internet Explorer, the Redirect to SMB vulnerability affects a number of applications on all versions of Windows.

So far, the vulnerability has not been seen in the wild. The 31 vulnerable applications Cylance found are: Adobe Reader, Apple QuickTime, Apple Software Update (which handles the updating for iTunes), Internet Explorer, Windows Media Player, Excel 2010, Symantec's Norton Security Scan, AVG Free, BitDefender Free, Comodo Antivirus, .NET Reflector, Maltego CE, Box Sync, TeamViewer, Github for Windows, PyCharm, IntelliJ IDEA, PHP Storm, and JDK 8u31's installer.

Source:   www.forbes.com

3. Portuguese Startup Tests Large Wi-Fi Drone To Provide Cheaper Internet Access

Published: April 13, 2015 tech

Portuguese startup Quarkson says it has successfully tested a prototype version of its solar-powered drones that aim to deliver Wi-Fi to remote countries in the world.

The Portuguese startup is the latest initiative to take the Internet to far-off corners of the globe. Earlier this month, the company announced that it has successfully completed testing of a test version of one of its high-altitude drones, the 265-pound HA65. With a wing span of 213 feet, it can fly for six weeks with a range of up to 80 miles, in an undisclosed location.

The goal is not only to deliver Wi-Fi but also 2G, 3G, and LTE connections via the unlicensed spectrum or through a carrier's licensed spectrum to provide Internet access to the parts of the world that have little or no connection.

Eventually, Quarkson hopes to fly a fleet of low-altitude and high-altitude SkyOrbiter drones. The low-altitude drones, which will be powered by fossil fuels, are designed for government and commercial use. The biggest of these is the LA75, with a wingspan of 246 meters and a range of up to 93,000 miles or up to seven weeks.

Source:   www.techtimes.com

4. US and Ukraine Top List of Cyber Spy Victims

Published: April 14, 2015 security

The United States and Ukraine bore the brunt of identifiable cyber espionage attacks over the past year, according to data compiled by Verizon, with international industry and government input. The two countries were the targets of a combined 40 percent of cyberspy assaults on governments, based on statistics provided to Nextgov. In the majority of digital espionage cases - 55 percent - investigators could not identify a victim.

"There were 120 cyber-surveillance incidents in the public sector in 2014, according to the figures. The U.S. and Ukraine each were prey 20 percent of the time."

Annual Verizon Data Breach Investigations

Phishing emails and social engineering

Since 2013, more than two-thirds of cyber espionage incidents have used phishing emails to trick targets into divulging secrets by impersonating known acquaintances, the report found.

In one of the more grave hacks last spring, attackers compromised a database containing background histories and family information on applicants for U.S. government security clearances. E-QIP, where officials in sensitive positions file their SF-86 questionnaires, is believed to have been penetrated by Beijing-backed attackers.

The sectors most attractive to snoops were manufacturing, government and professional services, according to the study. At the bottom of the list: financial services and health care. Retail did not even make the cut.

While these industries saw more than their fair share of data breaches in 2014, the perpetrators typically weren't after intellectual property, the report determined.

Source:   www.nextgov.com

5. Researchers believe a biological revolution enabling humans to experience everlasting youthfulness is coming

Published: April 17, 2015 science
It is likely the first person who will live to be 1,000 years old is already alive today. This is according to a growing regiment of researchers who believe a biological revolution enabling humans to experience everlasting youthfulness is just around the corner.

"The first thing I want to do is get rid of the use of this word immortality, because it's enormously damaging, it is not just wrong, it is damaging. It means zero risk of death from any cause - whereas I just work on one particular cause of death, namely ageing."

Aubrey de Grey

Rebuild the cells by killing old ones

To achieve longevity, de Grey is developing a therapy to kill cells that have lost the ability to divide, allowing healthy cells to multiply and replenish the tissue.

"These therapies are going to be good enough to take middle age people, say people aged 60, and rejuvenate them thoroughly enough so they won't be biologically 60 again until they are chronologically 90."

Aubrey de Grey

Mr de Grey explained that his technique for achieving eternal youthfulness is far more likely to be developed before the theories explored by other gerontologists that focus on preventing the metabolism from causing damage to the body.

Source:   www.news.com.au

6. Long-sought magnetic mechanism observed in exotic hybrid materials

Published: April 13, 2015 science

Scientists have measured a subatomic phenomenon first predicted more than 60 years ago. This so-called van Vleck magnetism is the key to harnessing topological insulators - hybrid materials that are both conducting and insulating - and could lead to quantum computers, spintronics, and superior semiconductors.

Best of both worlds

Classical materials tend to conduct electricity or insulate against it - think rubber versus copper. Topological insulators, however, live in both worlds: the bulk is insulating, but the surface is highly conductive. The relationship between these competing qualities introduces strange phenomena, especially in the surface electrons.

The team struck the topological insulator with an electron beam focused to within one atom inside a state-of-the-art transmission electron microscope (TEM). This beam excited a core electron, which in turn raised the energy in the outer Dirac shell. Then, using a technique called electron energy loss spectroscopy (EELS), the scientists measured the difference in energy between the incident electron beam and the electrons that scatter out of the sample after impact. The energy lost revealed the van Vleck effect in action.

Source:   www.sciencedaily.com

7. Hacked Sony emails reveal that Sony had pirated books about hacking

Published: April 17, 2015 legal, security

Sony doesn't like pirates - except, perhaps, when Sony feels like pirating.

Hacked Sony Pictures Entertainment emails, published in full on Thursday by WikiLeaks, reveal that Sony had pirated ebooks on its servers. This is particularly notable because Sony has engaged in aggressive and even illegal anti-piracy actions in the past.

Here's another dose of irony for you: The books are educational tomes about hacking, exactly the subject that Sony would now like to be thoroughly educated in since last year's hacks put all this information into the public sphere.

Author Jeffrey Carr's Inside Cyber Warfare is a classic of the information-security genre that's been widely read and widely copied. Some of those readers and copiers work within Sony, it was revealed yesterday when WikiLeaks published their searchable version of the Sony archives. Both the PDF and TXT files are available.

Hacking the Next Generation, another book on information security from the same publisher (O'Reilly), can be found in full PDF format on Sony's servers.

Meanwhile, Sony was thinking of new ways to combat piracy including, the leaked emails reveal, putting out fake torrents on sites like Pirate Bay as part of their anti-piracy strategy.

Source:   www.dailydot.com

8. Kim Dotcom Megaupload case falters over sharing Canadian data

Published: April 13, 2015 legal

More than three years have passed since Canadian police seized 32 Megaupload servers on behalf of U.S. authorities seeking to prosecute company founder Kim Dotcom in one of the world's largest copyright infringement cases.

No one knows what is on the servers

Still, no one - except perhaps officials with the file-sharing company itself - knows what's on the servers.

At issue now is how much of this seized Canadian data can be shared with the U.S. Department of Justice, which is very eager to press its case against Dotcom, who is currently fighting extradition from New Zealand, where he's a permanent resident.

In a Toronto court on Monday, Crown attorney Moiz Rahman, acting on behalf of the U.S., recommended bringing in a U.S. "clean team" - an American term for a group of forensic investigators independent of the case - to sift through the 25 terabytes of data on the servers to pick out relevant files and separate them from personal information.

But Megaupload's lawyer argued that the Ontario court can only ask the U.S. police officials on the so-called clean team to "double pinky promise" that they won't share information not relevant to the case, since there's no way to enforce the court's decision south of the border.

Source:   www.cbc.ca

Events - selected events in next 30 days

International Conference on Internet, Wireless Networks and Communication Technology

Place: Park Inn Hotel Prague, Svobodova 1 - 128 00 - Prague, Czech Republic

Date: Apr 28 - 29, 2015 URL: ICIWNCT

The primary goal of the conference is to provide researchers, practitioners, and students with the platform to share leading-edge knowledge and ideas in Internet Computing and related areas. Submitted papers will be subject to a double-blind review process.

The aims of ICIWNCT 2015 are to bridge the knowledge gap between academia and industry, promote research esteem in secured Internet transactions and the importance of information technology evolution to secured transactions.

Topics and Agenda

  • Cloud Computing
  • Network Application and Security
  • Software Engineering and Internet
  • E-Commerce and M-Commerce
  • Internet Technology and Applications
  • and more ...

World of Cloud conference

Place: Sheraton Frankfurt Airport Hotel, Frankfurt, Germany

Date: Apr 27 - 28, 2015 URL: World of Cloud

Hear from high-level decision-makers how the role of IT must change to meet both the needs of the entire company as well as the needs of the specialist departments.

Recent studies confirm the rapid transformation of IT: 40% of companies in Germany use cloud computing, 24% of the IT budget is on average spent on private cloud solutions, 83% of the private cloud users and 67% of the public cloud users have had positive experiences with the cloud.


  • Cloud Governance
  • Collaboration
  • Digitalisation
  • DevOps & Cloud Computing
  • Open Stack
  • From Big Data to Smart Data
  • and more ...

Future of Web Design conference

Place: ETC Venues, London

Date: April 27 - 29, 2015 URL: Future of Web Design - London


  • Workshop: Interface Animation for the Web - Val Head
  • Workshop: Humanising the E-Commerce Experience - Rob Smith and Chris Jones
  • Workshop: Responsive Content Modeling - Steve Fisher
  • Workshop: Supercharge Your Front-End Workflow - Jason Lengstorf
  • Keynote: The Art of Deception - Stephen Hay
  • Design Like You Give a Damn: Creating Accessible Interfaces that Everyone Wants to Use - Léonie Watson
  • Data Visualisation: The Good, the Bad and the Ugly - Lisa Gringl
  • The Future Of Responsive Design Standards - Den Odell
  • and more ...

openSUSE Conference

Place: Westvliet Sport Center, Westvliet 55, Den Haag, Netherlands

Free: Going to osc15 is free of charge Date: May 1 - 4, 2015 URL: osc15

The openSUSE Conference 2015 will bring together a wide variety of Free & Open Source contributors to collaborate on one of the major Linux distribution projects.


  • Secure Deployment Changes Coming in MySQL 5.7
  • Optimizing Linux Servers - what has been changed from last year?
  • Testing Fedora in openQA
  • Pacemakers, Death by Storage, and Shooting Servers in the Head
  • Build your own Cloud
  • Taming Tigers with Puppet
  • Distributed storage Ceph
  • and more ...
