Researchers have recently released two new tools that are capable of taking advantage of a weakness in a system that was designed to let people easily secure their wireless routers. One of the tools comes from Stefan Viehbock, a security researcher who publicly released information last week on the vulnerability in the WiFi Protected Setup wireless standard.

The WPS wireless standard was intended to make it easier for non-techy people to encrypt their wireless routers with a password in order to give them some minor protection against unauthorized use and to encrypt wireless traffic. Almost all the major router companies use this standard as it allows a user to enter an 8-digit random number (usually on the router somewhere) to enable security. In addition to that, users can push a physical button on the router itself.

This vulnerability, which was also discovered by Tactical Network Solutions’ Craig Heffner, involves how your router responds to incorrect PINs. Whenever a PIN is entered, the router using WPS will determine if the first or second half of the PIN is correct or incorrect.

This basically means that it is easier for hackers to try a multitude of different PINs in order to get the right one. This is known as a Brute-Force Attack. Normally, figuring out a PIN would take you 100 million tries at least. However, this vulnerability reduces the number of attempts down to 11,000 according to a research paper by Viehbock.

Once the hacker has the PIN it is very easy for him to get your password. Viehbock noted in his paper that his tool is a little bit faster than Reaver, the one released by Heffner and Tactical Network Solutions, both of which enable Brute-Force Attacks.

Reaver is hosted on Google Code and the authors of the tool say that it can recover a router’s plain-text WPA or WPA2 password in four to ten hours, depending on the access point. According to a release note about the tool, “In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase.”

In addition to that, a lot of routers don’t limit the number of guesses for a PIN, which makes Brute-Force Attacks feasible. Heffner wrote that his company had been perfecting Reaver for for almost a year. His company decided to release the tool after the vulnerability was made public and is also selling a commercial version with more features.

Users do have the option of disabling WPS to prevent an attack, though Heffner wrote that most people don’t turn it off. “In our experience,” he wrote, “even security experts with otherwise secure configurations neglect to disable WPS. Furthermore, some access points don’t provide an option to disable WPS or don’t actually disable WPS when the owner tells it to.”

Source: Computer World – Two new tools exploit router security setup problem

Anonymous has been behind some of the most notorious computer hacks in the past few years and has garnered worldwide fame (or infamy from the point of view of the unfortunate victims). The group is said to be behind hacking financial institutions that it believes violate customer privacy or are greedy or too powerful. They are kind of like an internet Robin Hood and this most recent hack makes that comparison seem even more true.

The hacktivist group has recently claimed that it stole thousands of email addresses and credit card information from an online security firm and, by doing so,  stole a total of $1 million. But the group didn’t keep this money for their own personal gain. No, instead of stealing the money for themselves, the group donated the entire $1 million to charity.

The group released a somewhat taunting message on Christmas morning, stating that the security firm Stratfor failed to encrypt its clients’ information, making it extremely vulnerable to theft. The fact that Stratfor’s clientele includes the likes of the Pentagon, the United States Air Force and the United States Army makes this hack seem even more significant.

Anonymous also stated that it used the stolen information to send cash gifts to various charities including the American Red Cross, CARE and Save the Children.  Anonymous also promised to impose more havoc with information taken from various celebrities.

This is, by very definition, a catch twenty-two. While it is scary that the group could get that information and steal that amount of money so easily, it is hard to condemn them considering they used the money to help those that really needed it and during one of the most giving times of the year. It’s hard to applaud Anonymous for stealing the information, but by giving $1 million to charity, I have to say well done.

Source: Hawaii Reporter – Computer Hackers Donate $1 Million to Charity Using Stolen Credit Card Information

Security CameraSolutions

SecureMac has just released MacScan 2.9.2 and, in addition, is offering up a free 30-day trial for users to audit their computer’s security for malware, viruses and general threats to privacy. MacScan 2.9.2 adds additional support for other internet browsers as well as scheduler bug fixes, changes to the interface and the latest definitions to protect against any and all malware that may affect users of Mac OS X.

MacScan 2.9.2 is available for download as you read this as a free 30-day trial or for full purchase. Paying full price for the service will run you $39.99, so if you’ve never used MacScan in the past, I suggest the free trial first. Upgrades from the previous versions of MacScan 2 are completely free and can also be obtained by selecting “Check for Updates” in your MacScan menu or by downloading the demo version and entering your serial number.

The MacScan Family Pack is a very useful piece of software as it allows you to install the MacScan anti-spyware service on as many as three computers for only $49.99. This basically allows you to triple what you’re getting for only $10 more. Existing single-license owners of MacScan can also upgrade to the Family Pack if they wish by only paying the difference in the price of MacScan and MacScan Family Pack, or $10.

If you don’t already know, MacScan is an anti-spyware service designed for the Mac that detects, isolates and removes spyware from your Mac while simultaneously enhancing your internet privacy and security by cleaning out all of your internet clutter. MacScan is specifically designed for Mac OS X versions 10.2.4 or higher, including Apple’s latest operating system Mac OS Z 10.7 Lion.

Source: PR Web – MacScan 2.9.2 Released Protecting Mac OS X from Malware and Privacy Threats

A member of hacktivist group Anonymous was arrested by the FBI on Tuesday for allegedly launching a cyberattack on the website of Gene Simmons, lead vocalist and bass player for the heavy metal band KISS. Simmons drew the attention of Anonymous back in October when he took part in an anti-piracy conference and called for a crackdown on file and music sharing on the internet. The group allegedly shut down the singer’s site, GeneSimmons.com, with a distributed denial of service attack.

A Distributed Denial of Service attack, or DDoS, floods internet sites and computer networks with requests for information commands, making the networks and web sites unavailable to computer users. Member of Anonymous Kevin George Poe, who allegedly participated in the attack, was arrested after being charged in an indictment with conspiracy and unauthorized impairment of a protected computer according to the U.S. Attorney’s Office in Los Angeles.

Poe turned himself in to federal agents in the U.S. District Courthouse in Hartford, Connecticut for an initial appearance and was released on a personal recognized bond. Poe is expected to appear at the federal court in Los Angeles at a later date.

Anonymous has been at the helm of retaliation against individuals that they do not agree with. The group has already attacked a U.S. computer security firm named HB Gary and targeted the CEO for allegedly claiming that the firm had infiltrated Anonymous and would disclose details about the group’s membership to the FBI.

Last month the group had pledged to name and expose members of the Zeta drug cartel in an operation they dubbed OpCartel. Earlier in the year, the FBI executed a number of search warrants around the United States in relation to cyberattacks last year that targeted MasterCard, Visa and PayPal after the companies discontinued donations to Wikileaks after the website released U.S. diplomatic cables.

These U.S search warrants were initiated in conjunction with arrests made in the United Kingdom of five individuals who were accused of playing a role in attacks that were dubbed at the time “Operation Payback” by the hacktivist group.

Source: ABC News – FBI Arrests ‘Anonymous’ Members for Attack Against GeneSimmons.com

Security CameraSolutions

Fuji Xerox is all set to launch a brand new cloud storage service that hooks directly into the company’s multifunction copiers. The service is set to launch next week and will allow documents to be uploaded via scanning or faxing. Once this is completed, users will then be able to edit or download the documents through a computer or mobile device.

Known as the “Working Folder”, this service will provide features similar to the ones of existing cloud services as well as standard file servers, like encryption, versioning and access control by users. However, Fuji Xerox did stress the service’s tight integration with an all-new line of copiers that will be available on Monday, December 12th saving potential clients the burden of linking up offerings from other companies or managing their own servers.

The service itself is organized around a concept of virtual filing cabinets that contain “drawers” and “folders”, all of which can be shared between users. In addition to that, documents can also be accessed online via web browser or edited and downloaded directly through dedicated software for both Windows and Mac OS as well as Android and iOS devices.

A plethora of other, similar online storage services also exist and many, like Dropbox and Evernote, can even sync with faxes and scanners. However, hardware makers are rushing to launch cloud services that work seamlessly with their products in hopes of locking in customers and buffering against commoditization amid falling profit margins.

This new offering by Fuji Xerox will come with a base fee of $45 per month. This will allow 10 users access to 10GB of shared storage with additional users and storage also able to be added for an extra fee of course. Fuji Xerox is aiming for 10,000 contracts per year and is also considering launching outside of Japan according to a company spokesman.

Source: PC World – Fuji Xerox to Launch Dropbox-like Cloud Storage Service for Its Copiers

Mobile TeleSystems, one of the leading telecommunications operators in Russia and the CIS countries, has just announced the deployment of Flash Networks’ Harmony Mobile Internet Services Gateway, which is said to optimize the volume of mobile data traffic. With this deployment MTS will be able to reduce content and web page download times and increase mobile internet speeds.

The Harmony optimizes picture, video and other mobile data to ensure that you are getting the fastest download speeds possible, regardless of which mobile device you use to connect to the internet. In order to reduce traffic on these mobile networks while viewing a video stream, Harmony applies a special buffering mechanism that allows users to watch video streams as they load without downloading the entire video first.

MTS launched a pilot project in order to test the technology for all customers located in Murmansk. By the end of 2011, the new traffic optimization technology will be available to each and every user of the MTS unlimited mobile internet in Russia. The solution was developed by Flash Networks and was integrated in MTS’ network along with the Russian system integrator Technoserv.

According to the Head of the Data Transmission Department at MTS Sergei Stepanyuk, “The solution introduced by MTS will provide our customers with faster and more convenient internet access as the up-to-date text and multimedia compression technology applied by Flash Networks optimizes data in a way practically imperceptible to the human eye. Using the data optimization platform allows us to reduce our mobile network data transmission load by almost 40% and our transit load by 30%. ultimately resulting in faster internet speeds and better quality of data services for our users.”

Source: The Sacramento Bee – MTS Launches Innovative Solution to Optimize Mobile Internet

A Tech Travel Agent can get a laptop rentalto you within 24 business hours in over 1000 cities worldwide. Call 800-736-8772We have 3987 Installers, Technicians and Engineers stationed in nearly 1000 locations worldwide to serve you.

Syncplicity, a provider of cloud storage, just announced that it has enabled file-sharing capabilities on Android OS smartphones and tablets. Syncplicity users are now able to access and share file folders on their PCs and Macs and are also able to access cloud apps like Google Docs and Salesforce. In addition to that, users will also be able to access on-premise apps like SharePoint, Android 2.x phones and tablets.

The new service is very similar to DropBox but is more “fine-tuned” for a workgroup environment according to Jeff Schultz, Chief Marketing Officer for Syncplicity. Syncplicity also offers three different types of accounts: a free account that comes with 2GB of storage for one person with two devices, a personal account with 50GB of storage for people with up to three devices for $15 per month, and a business edition that also has 50GB of shared capacity for up to three users with an unlimited number of devices for $45 per month.

According to Schultz, Syncplicity’s service gives IT administrators the ability to manage users centrally. Administrators can also set permissions for the system, like defining whether or not users are allowed to share files outside of a business. In addition to that, the service allows admins to set up default configurations for what files will be synchronized in the cloud and also allows admins to remotely wipe all files from a device.

“It also allows them to set up policies regarding data retention. For example, if you share files with contractors and the contract expires, using Syncplicity you can automate the process of deleting the files off the contractor’s computers,” Schultz added.

With the Android UI, users are able share files of unlimited size with others, even if the others do not have a Syncplicity account, from their Android device without needing to access their computers, whether it be directly or via VPN. And because this new services supports tablets running Android, it can also be used with the new Kindle Fire according to Schultz.

Schultz added, “Let’s say the user is on the road and they are asked to look at a file or send a file. Because of Syncplicity’s approach… all files are automatically accessible on their mobile device. They can see updates by them or others they’re working with. When they’re done working on a file, they can then use their Android device to upload it back to Syncplicity.”

In addition to that, the service also includes versioning, or keeping multiple copies of a file’s history. Whenever a Syncplicity user wants to share a file with a non-Syncplicity user, the user only needs to click on the file, retrieve a URL and send that link to the other person via an Android OS-enabled device. The Android capability is also free and comes with Syncplicity’s Business Edition.

Source: Computer World – Cloud service Syncplicity adds file sharing for Android

SMBnow.com is news of, for and by SMBs!
SMBnow.com… The Small & Medium Business Magazine!

One of the leading providers of open source solutions in the world, Red Hat, has just announced a collaboration with Science Applications International Corporation to demonstrate, as well as deliver, innovative solutions that maximize the use of open source cloud computing technologies.

Multiple Red Hat solutions, all of which offer security, scalability, interoperability and portability in order to reduce infrastructure and provide increased capabilities for the U.S. Department of Defense, will be deployed in Science Applications International Corporation’s new Advanced Computer Engineering (ACE) Laboratory located in North Charleston, South Carolina adjacent to customers of both Red Hat and SAIC.

The ACE Laboratory, as it is being called, will serve as the foundation for open community and provide an environment to maximize pubic and private cooperation focused on solving complex operational and computational problems. The lab will provide physical and virtual environments for hands-on collaborations between SAIC, other contractors, small businesses, information technology vendors and government employees.

Via emerging technological exploration and innovative solution demonstrations, the ACE Laboratory aims to foster collaboration, as well as information sharing, promote cloud computing best practices and deliver low-cost, enterprise scale “create once, optimally manage and reuse often” solutions.

These two companies bring commercial patterns and practices that are specifically engineered to reduce cost, enable more agile service delivery and allow customers of the Department of Defense to overcome barriers to cloud adoption. Collaborators with the ACE Laboratory will discover how Red Hat’s modular and open technology portfolio, which is designed to run consistently across physical servers, virtual platforms and private/public clouds, can be integrated into their cloud architecture.

According to Vice President and General Manager of the Public Sector for Red Hat Paul Smith, “Red Hat has a longstanding relationship with SAIC to provide open source technologies and methodologies on large programs in the federal government, dating back to our first master marketing agreement in 2006. This most recent iteration capitalizes the widespread use by cloud providers of open source architectures to deliver services. Red Hat is a leading provider of supported, secure and scalable products for both IaaS and PaaS.”

Senior Vice President and Business Unit General Manager for SAIC Jim Thigpen added to that saying, “Using our ACE Lab, SAIC experts work with customers to develop advanced engineering solutions for some of our nation’s most significant cyber and software challenges. With Red Hat on our team, we’re continually finding ways to use our expertise to help keep customers a step ahead of the curve when it comes to cloud computing.”

Source: Market Watch – Red Hat Announces Cloud Computing Alliance with SAIC

The next time you take your computer in to get serviced or repaired, make sure you take any and all incriminating evidence off of it first. That is the lesson one man is wishing he had learned a long time ago, before his computer ever messed up and before he took it in to get serviced.

Images, as well as videos, of suspected child pornography were found on a computer that was dropped off for repairs. This subsequently led to criminal charges being pressed against a 63-year-old man. Earl R. Idle was recently charged in the Tippecanoe Superior Court 1 with six counts of possession of child pornography, all of which are Class D Felonies. In addition to that, a warrant was also issued for Idle’s arrest.

As of Tuesday, Idle had not been booked into the Tippecanoe County Jail and a home telephone number could not be found to reach him. What’s more is that Idle took his computer into Joe Pro’s Computer Services way back in April of 2010. Charges are just now being filed due to time needed to perform a forensic evaluation. The investigation began in April 2010 when Joe Pro’s employees called the Lafayette police.

According to a probable cause affidavit, Idle took his computer into the shop to have a virus removed. When transferring files back to Idle’s computer, an employee discovered nude photographs of girls who appeared to be only 9 or 10 years old.

The best part is Idle’s excuse. Idle allegedly claimed that he knew all about the photos but didn’t delete them because they belonged to his “daughter Jennifer”. What’s funny is that investigators spoke to another of Idle’s children who stated that Idle doesn’t even have a daughter named Jennifer.

Detectives performed a forensic examination of Idle’s computer, as well as a thumb drive from his home, and discovered a total of 79 images and four videos of young girls engaging in sexual activities. It is suspected that Idle obtained the images online and not from personal interaction with the girls.

Source: jconline.com – Computer service leads to porn charges

Rack-Mount Server rentalsare ideal if your company needs an extra storage unit for company information while you are testing various types of storage solutions.Whether you need a short-term rental or a long-term lease, we have the right kind of server for your needs.

Did you just have your company website secured with all the latest software patches and tested by “ethical hackers”? Well that’s fantastic, but it doesn’t mean that it will keep away the scammers, which are just as bad if not worse, than getting a nasty computer virus.

If anything, fraudsters, as they have become to be known, are highly adaptable and always looking for ways to exploit marketing campaigns or incentive programs. In addition, they often find ways to abuse a system that weren’t considered by either fraud or security specialists.

According to Laura Mather, founder and chief strategy officer for Silver Tail Systems, a company that ran a marketing incentive program not too long ago that offered $5 to people who referred their friends to sign up for an account gave away $2 million of the $8 million total to a single person living in Eastern Europe.

“There was no bug in the system,” Mather, who has previously worked in fraud prevention for sites such as eBay and PayPal, stated. “The criminal was using the website in the way it was intended.” To put it simply, the fraudster registered a domain with a lot of email addresses and registered all of them. According to Mather, “What happens in these cases, the marketing team that launches the program celebrates, and then the fraud team goes, ‘I think we need to look at your data.’”

If it is easy for a single person to take so much money from a single company, the possibilities of what could be are extremely worrisome. The internet is already facing an outbreak of highly skilled hackers that are taking aim at some of the biggest companies out there and the last thing anybody needs are these fraudsters taking everybody’s money.

Source: PC World – Fraudsters Find Creative Ways to Abuse E-commerce Sites