2015

Thanks for open sourcing .NET say Point of Sale villains

Leave a Comment / Security, Software Development, Technology /

VXers say Microsoft’s good intentions let them brew truly evil malware

Trend Micro researcher Jay Yaneza says Point of Sale malware has begun using Microsoft .NET, following its release as open source last year.

Yaneza found the new so-called GamaPoS malware being distributed to US organisations including credit unions, developers, and pet care businesses through the resurgent Andromeda botnet. He says the use of .NET as a platform to build point of sales malware is unique and likely to be adopted by the criminal underground.

“GamaPoS holds the distinction of being a .NET scraper — something unseen in prior PoS threats,” Yaneza says .

“We can attribute this development to the fact that it is easier to create malware in the .NET platform and, now that Microsoft made it available as an open-source platform, more developers are expected to use it for their applications.

“This makes .NET a viable platform to use for attacks.”

Yaneza says GamaPoS uses Andromeda’s back doors to spread in a shotgun fashion further infecting about four percent of the botnet’s existing victims.

The malware combines two malicious features including PsExec, which hackers used to help pop retailer Target last year, and the Mimikatz hack tool that is considered one of the best vacuumers of Windows credentials.

That combination grants attackers a high degree of capability to move laterally inside breached networks.

Andromedia infections.

Victims are targeted using phishing scams that masquerade as would-be guidance on Payment Card Industry Data Security Standard (PCI DSS) or as information on installing Oracle’s MICROS, a popular payment operating system which it can also compromise.

GamaPoS will siphon Visa and Discover cards to its command and control servers over HTTPS.

The attack campaign organisers are thought to be also spreading the NitLovePoS payment operating system malware found in May.

“Using an old botnet as a shotgun method to cast a wide net for targets has its merits,” Yaneza says.

“Using spam and exploit kits to establish a large mass of bots enables operators to steal information from specific targets, some of which can be resold to other threat actors.”

 

Source: Thanks for open sourcing .NET say Point of Sale villains • The Register

Thanks for open sourcing .NET say Point of Sale villains Read More »

What You Got Then and What You Get Now – It’s Not Like It Used To Be

Leave a Comment / Gripe Corner /

Blu-Tack-new-and-old“It’s not like it used to be.” You hear it said quite often, especially by those old folk (like us). This used to describe such things as the food we eat, people’s manners and buses being on time. Well people’s taste buds change more often than they think, yes people are getting ruder and more ignorant. Especially when I’m driving and they just don’t get out of my way. Idiots.  How dare they? Oh and buses are actually still pretty much on time. Well it can’t all be bad.

Another thing people gripe about is the size of things. Such comments as: –

“I remember when Wagon Wheels (the chocolate biscuit) were as big as your head when I was a kid.”

Well they could have been, you were a lot smaller then and so was your head. I know with some people it’s hard to imagine their head being smaller than it is now. Perhaps that’s just my opinion.

Recently I was confronted with absolute proof that things aren’t as big as they used to be. Blu Tack. Yes that magical stuff is handy in all sorts of situations and I remember half of my bedroom being held together with the stuff when I was much much younger. For a long time now I’ve had my comic and art book collection in storage. It was well overdue for being sorted and to see just what kind of state they were in since I saw them last. Which was before I got married. Yes that was sometime ago.

While carefully digging through and reading the odd one of two. I was quite surprised to see that pretty much everything was still in good condition. Everything was still sealed in plastic bags. But between a couple of books was an old friend. A packet of Blu Tack and, only three-quarters used. What a find. Of course I had only just bought a pack a month or two before. Typical. But when I placed them side by side the difference was very clear.

I don’t know exactly how old the one on the right is, but the reference to Trim-phones places it in the early Eighties if not Seventies. Yes I’ve been holding onto that one for a while.

But the real measure of what you got then and what you get now can be found inside. Not only is the older one wider and taller but thicker as well. Yes OK I know talking about Blu Tack is more than a little strange, but in this case there’s a principal. It shows that companies have cut the size of things you used to remember of the products you used everyday. What a difference three decades makes.

If anybody else has anything like this, please let me know.

Blu-Tack-new-and-old-inside

What You Got Then and What You Get Now – It’s Not Like It Used To Be Read More »

What’s the deal with Windows 10 for the Non-Technical Friend

Leave a Comment / Windows 10 /

The calls are starting to come in, as I, like you, Dear Reader, am the head of IT Support for my friends and family. You’d think my cell phone was an IT helpline, and my email is filled with Word documents with pasted in screenshots along with subject lines like “Is this safe?!?!?” and “What’s the deal with Windows 10?”.

Anyway, Window 10 is coming soon, and this little icon (the Windows icon) is stating to show up in folks’ taskbars. For the techies, it’s called GWX (Get Windows 10) and it’s there to prep your machine and possible download Windows 10 if you want to reserve a spot. It’s added by KB3035583.

image

If you click it, you’ll get this screen where you can add your email and when July comes around your system will start downloading Windows 10 automatically.

You may also see this in Windows Update if you run Windows Update manually as I do.

Windows 10 is coming soon

You get to decide when you want to install it, it’s not automatic.

Free Upgrade to Windows 10

The important part you and your non-technical friend should know and explore is the “Check your PC” section. Click the “hamburger” menu in the upper left corner, then click “Check your PC.” Here’s mine. Looks like I need to update or uninstall one program that isn’t yet compatible, but my devices (video, usb stuff, etc) are cool.

Windows 10 will work on this PC

There’s a great FAQ (Frequently Asked Questions) on Windows 10 here that you should check out.

Here’s my personal translation/take on the most important parts:

  • Windows 10 upgrades start July 29th and you can choose to upgrade for free until July 29, 2016 so no rush. If you want wait and see, you can.
  • The upgrade is free for that period (July 29th 2015 until 2016, a year later). Upgrading after July 29th, 2016 will cost something.
  • You can upgrade machines running 7 and 8.1.
  • You machine should have these specs, which are pretty low and reasonable. Most anyone with a running PC can upgrade.
  • Yes, Solitaire and Minesweeper and Hearts will be removed BUT you can download the new versions of Solitaire and Minesweeper free in the Windows Store. They are pretty nice versions.
  • You’ll move to either Windows 10 Home or Windows 10 Pro, according to this table:
    What Windows 10 version will I get?
  • You apps will keep running. I’m running all sorts of apps, many quite old, on Windows 10 and I have had no issue. The Compatibility Wizard still exists, though, so you can “lie” to really old apps and tell them they are running on Windows 95, or whatever. Just right-click the App that isn’t working and click “Troubleshoot Compatibility,” or right-click, Properties, then Compatibility. I haven’t had to do this myself, yet, so consider this a rare thing.

So far it’s been pretty interesting and I think that if non-technical friend liked Windows 7 and tolerated Windows 8 that they will like Windows 10. I’ve been doing “Windows 10 Build to Build” upgrade videos over at my YouTube and I would love it if you’d subscribe to my YouTube as well.

It’s amazing that Windows 7 users and Windows 8 users will all be able to upgrade and come forward to a single version of Windows. As a developer (both web and apps) it’ll be nice to have people on an “evergreen” Windows where I can do things like Feature Detection and not think as much about versioning.

versioning.

Source: What’s the deal with Windows 10 for the Non-Technical Friend – Scott Hanselman

What’s the deal with Windows 10 for the Non-Technical Friend Read More »

Is Windows 10 ready?

Leave a Comment / Project Spartan, Windows 10 /

Windows 10 is different. While Microsoft aggressively tracked down leaked builds of Windows Vista and Windows 7, the software giant has opened its doors to let anyone test Windows 10 through a process that’s not normally public. It’s a change that has allowed everyone to judge and critique Windows 10 before it’s even ready. We’ve seen the good and the bad, and now we’re about to witness the final result on July 29th. With Microsoft now committing to a Windows 10 release in less than two months, is it really ready?

Windows 10 has progressed well over its relatively short development period. If you compare preview builds from two months ago to today, there are many changes and improvements, but still a lot of bugs. While it’s two months until release date, Microsoft will still complete a process known as release to manufacturing (RTM) later this month. Windows might be switching to a servicing model with regular updates, but there’s still a final point needed for PC makers to start loading their own images to ship devices in time for the back to school period and the holidays. That RTM phase means Microsoft only has a few weeks to get Windows 10 ready before it has to rely on patches and hotfixes that can be distributed automatically to machines once they’re upgraded.

A few weeks doesn’t seem like enough time right now, especially given the current state of Windows 10. The latest build (10130) looks almost finished and polished, but then there are continued issues with the Start Menu not opening or crashing and driver problems that are slightly alarming at this stage of development. Perhaps the biggest issue I have encountered is the upgrade process between builds. Microsoft has been testing this vigorously, as it’s a key part of getting Windows 7 and Windows 8 users to Windows 10 for free. If an upgrade fails then it’s one less machine running the latest operating system. I’ve had a variety of upgrade failures, even with the recent builds that Microsoft has distributed. Please note this is the author’s experience. I haven’t had a problem with any update upto and including 10130. (BJ)

These could all be fairly minor bugs, but they’ve been consistent and present throughout the Windows 10 development period, which suggests there have been some issues that have prevented Microsoft addressing them fully. Fortunately, Microsoft is now in a period of code completion. Additions to the core of Windows 10 will be locked soon, and Microsoft is now focused on improving the built-in apps and crushing bugs. Like any version of Windows, Microsoft has a number of tests and processes to check off before it declares Windows 10 is ready. The overall bug count will have to drop, and the company will decide which bugs can wait for launch day patches and prioritize accordingly.

Windows 10 Spartan

Windows 10 will of course be ready for July 29th, but how complete and stable it will be could vary depending on your hardware and usage. I have some machines that work well, and others that are crashing or the display drivers and audio drivers don’t work correctly. At this stage I would like to be using a release candidate on my machines that feels like the final version of Windows 10, but we’re not quite there yet. Microsoft will start pre-loading the final bits on PCs that have opted in for the Windows 10 upgrade, with patches and updates to follow once it launches on July 29th.

WINDOWS 10 IS GOING TO HAVE A BUNCH OF UPDATES ON DAY ONE

Windows 8 launched with a number of day one patches, and I expect Windows 10 will have plenty. Microsoft has been regularly patching Windows 10 preview builds to address bigger problems, and receive additional feedback to help shape changes. The dedicated feedback app will ship with the final version of Windows 10 so that Microsoft can continue to receive input from users. It’s really Microsoft’s method of using the general public for its own testing. With recent headcount reductions on the testing teams for Windows, public feedback and beta testing has helped Microsoft change the way it’s building Windows.

Microsoft is very close to getting Windows 10 ready, but the Windows team has a lot of sleepless nights ahead throughout June and July to ensure the quality is high across the vast amount of PCs out there. Microsoft can’t afford to make any bad impressions with Windows 10 after the mixed reception to both Vista and Windows 8. Providing the driver issues are cleared up, the company can easily avoid the problems associated with the early days of Windows Vista. Windows 10 is really shaping up to be the next great successor to Windows 7 and Windows XP, and Microsoft wants to ensure everyone upgrades. Windows 10 will never really be ready thanks to continuous new features and updates coming for the rest of the year and beyond. The road could be a little bumpy to start, but it’ll only get smoother and smoother over time.

Source: Is Windows 10 ready? | The Verge

Is Windows 10 ready? Read More »

Dutch solar road makes enough energy to power household

Leave a Comment / General, Technology /

You may remember a previous article on my web site about solar road energy. Well looks like somebody has succeeded.

Engineers in the Netherlands say a novel solar road surface that generates electricity and can be driven over has proved more successful than expected.

Last year they built a 70-metre test track along a bike path near the Dutch town of Krommenie on the outskirts of Amsterdam.

In the first six months since it was installed, the panels beneath the road have generated over 3,000kwh. This is enough to provide a single-person household with electricity for a year.

“If we translate this to an annual yield, we expect more than the 70kWh per square metre per year,” says Sten de Wit, spokesman for SolaRoad,   which has been developed by a public-private partnership.

RELATED: Netherlands rolls out ‘SolaRoad’

“We predicted [this] as an upper limit in the laboratory stage. We can therefore conclude that it was a successful first half-year.”

The project took cheap mass-produced solar panels and sandwiched them between layers of glass, silicon rubber and concrete.

“This version can have a fire brigade truck of 12 tonnes without any damage,” said Arian de Bondt, a director at Ooms Civiel, one of consortium of companies working together on the pilot project.

“We were working on panels for big buses and large vehicles in the long run.”

The solar panels are connected to smart meters, which optimise their output and feed the electricity to street lighting or into the grid.

“If one panel is broken or in shadow or dirt, it will only switch off that PV panel,” said Jan-Hendrik Kremer, Renewable Energy Systems consultant at technology company Imtech.

Five years of research

The research group spent the last five years developing the technology but during the first six months of the trial a small section of a coating, designed to give grip to the smooth glass surface without blocking the sun, delaminated.

This was due to temperature fluctuations causing the coating to shrink. The team is now working on an improved version of the coating. More than 150,000 cyclists have ridden over the panels so far.

“We made a set of coatings, which are robust enough to deal with the traffic loads but also give traction to the vehicles passing by,” said Stan Klerks, a scientist at Dutch research group TNO.

He said the slabs also had to “transfer as much light as possible on to the solar cells so the solar cells can do their work”.

The group behind the project is now in talks with local councils in the Netherlands to see if the technology can be rolled out in other provinces. A cooperation agreement has also been signed with the US State of California.

“Solar panels on roofs are designed to have a lifetime, which is typically 20/25 years,” said de Wit.

“This is the type of lifetime that we also want for these types of slabs. If you have a payback time of 15 years then afterwards you also have some payback of the road itself so that makes the road cheaper in the end.”

Source: Dutch solar road makes enough energy to power household – Al Jazeera English

Dutch solar road makes enough energy to power household Read More »