A single character sent by text message could allegedly compromise every iPhone released to date. The technique involves sending only one unusual text character or else a series of ‘invisible’ messages that confuse the phone and open the door to attack. Apple has not released any updates yet, so little can be done, except to power off your iPhone to avoid being hacked.”Read more of this story at Slashdot. [Link]
Malware posing as antivirus software is spreading fast with tens of millions of computers infected each month, according to a report to be released on Wednesday from PandaLabs.
PandaLabs found 1,000 samples of fake antivirus software in the first quarter of 2008. In a year, that number had grown to 111,000. And in the second quarter of 2009, it reached 374,000, Luis Corrons, technical director of PandaLabs said in a recent interview.
“We’ve created a specific team to deal with this,” he said, of the rogue antivirus software that issues false warnings of infections in order to get people to pay for software they don’t need. The programs also typically download a Trojan or other malware.
PandaLabs found that 3 percent to 5 percent of all the people who scanned their PCs with Panda antivirus software were infected. Using that and worldwide computer stats from Forrester, PandaLabs estimates there could be as many as 35 million computers infected per month with rogue antivirus programs.
About 3 percent of the people who see the fake warnings fall for it, forking over $50 for an annual license or $80 for a lifetime license, according to Corrons.
Last September, a hacker was able to infiltrate rogue antivirus maker Baka Software and discovered that in one period an affiliate made more than $80,000 in about a week, said Sean-Paul Correll, a PandaLabs threat researcher.
A Finjan report from March estimated that fake antivirus distributors can make more than $10,000 a day.
“The general consumer doesn’t understand” the threat, Correll said. “No legitimate antivirus vendor will start a scan automatically on your computer without your consent.”
After all the hoopla about the Conficker threat, researchers seemed almost relieved that it turned out to distribute fake antivirus software instead of something much worse.
This article was originally published on CNET News.
MI5 has closed up a flaw on its website that could have opened up visitors to malicious attacks, the UK intelligence agency said.
The website suffered a cross-site scripting vulnerability that could have allowed hackers to inject code into the site and redirect users to malicious pages, MI5 admitted on Wednesday.
However, the government service insisted the website had been secured quickly, and that at no time had any intelligence operatives been exposed by the hack.
“MI5 takes security very seriously,” the intelligence agency told ZDNet UK. “The website is secure and hosted in a high-security environment.”
Last week, a hacker with the handle ‘[-TE-]-Neo’ wrote that the MI5 website was vulnerable to cross-site scripting and Iframe injection. The hacker put the post on the Team Elite hacker forum last Tuesday, claiming the site was breachable through the search engine.
The MI5 site uses an embedded Google search engine, said a spokesperson for the agency, who also confirmed that the site had been vulnerable through the search tool. However, the website is hosted separately from MI5’s back-end systems and is not connected to sensitive data, the spokesperson added.
Once MI5 was informed of the vulnerability, it took action to remedy the situation, said the spokesperson. The flaw was not maliciously exploited and had been limited to that search engine.
That didn’t take long. It has only been a week since the official Windows 7 RTM announcement by Microsoft, but crackers have already managed to activate and validate the tricked-out Ultimate version of the OS. The hack is nothing new, as it borrows the same techniques used to bypass activation and verification of previous Vista editions.
According to Softpedia, crackers somehow obtained a copy of an OEM Windows 7 Ultimate disc from Lenovo. From there, they were able to extract two critical bits of information: Windows 7’s OEM-SLP (system-locked pre-installation) product key and the OEM certificate for Windows 7 Ultimate.
But before these can be of any value, one first has to modify a system’s BIOS to fool the operating system into believing that the PC is an authentic OEM machine. This is done by tweaking the values found in the Software Licensing Description Table (SLIC) that is stored in the system’s memory during boot-up.
Once a person has disguised a system as a legitimate OEM machine, the OEM-SLP and OEM certificate allow for permanent, validated activation of the operating system. To Microsoft, the PC is no different from a functional OEM machine–and the “OEM machine,” in turn, has no need to call back to Microsoft’s activation servers for any kind of additional verification. That would defeat the convenient basis behind the creation of SLIC-based OEM activations in the first place.
Just because the OEM disc and keys came from Lenovo doesn’t mean that the crack is exclusive to that brand. According to Softpedia, the crack has proven successful on Dell, HP, and MSI machines as well.
When Sky News launched an undercover investigation into PC repair shops, it turned to PC Pro readers for help with identifying rogue traders. As a result, Sky’s cameras caught technicians scouring through private photos, stealing passwords and over-charging for basic repairs. Here is what they found
How many technicians does it take to fix a laptop? Just one, but if you know where to find him, please let us know.
We’d heard there were serious problems with computer repair shops: faults misdiagnosed, overcharging for work and data deleted. So we put them to the test in order to find out why customers were getting such a raw deal and who the culprits were.
The exercise was simple. Create a simple fault on a laptop, load it with spy software, take it into several repair shops, then sit back and see what happened. Would they arrive at the same diagnosis and charge us a fair price to fix it?
First, Sky News engineers installed professional spy software on a new laptop. Spector Pro was programmed to load on start-up and silently record every ‘event’ that took place. If the mouse was moved, a folder opened or a file looked at, we would know about it. Every event would also trigger a screen snapshot to be taken.
We also installed Digiwatcher. This devious little tool auto-runs on start-up and quietly tells any connected webcam to secretly film whoever is at the machine. The process is invisible and the video file is hidden on the hard drive and password protected.
We then filled the hard drive with the sort of data anyone might have on their PC: holiday photos, curriculum vitae, MP3s, Word documents and log-in details. Our laptop now looked just like any other.
To create the fault, we simply loosened one of the memory chips so Windows wouldn’t load. To get things working again, one needs only push the chip back into the slot and reboot the machine. Any half-way competent engineers should fix it in minutes.
All we needed now was our targets. We teamed up with PC Pro readers to track down shops with the worst reputation and took our laptop into be repaired. We expected poor customer service, but nothing prepared us for the first shop we visited.
Snooping on holiday snaps
Laptop Revival in Hammersmith initially offered us a free diagnosis when we dropped our laptop off. Yet the spy software later revealed something extraordinary. The webcam shows that almost immediately the technician discovers our loose memory chip and clicks it back into position [based on recorded boot and shut down times]. The machine is rebooted and the problem solved.
Yet he then begins browsing through our hard drive. A folder marked ‘Private’ is opened and he flicks through our researcher’s holiday photographs, including intimate snaps of her wearing a bikini. He stares at picture after picture, stopping only to show them to colleagues.
He then picks up the phone and calls our researcher. He tells her our motherboard is faulty and will need to be replaced. Usually it costs £130 but he’ll do it for £100. We tell him we’ll think about it and call him tomorrow.
After more snooping, he logs off. But a few hours later, another technician boots our machine. He also begins searching our hard drive until he finds log-in details for our Facebook and Hotmail accounts. With a cackle he removes a memory stick from around his neck, plugs it in and then copies them across.
He also discovers our holiday photos and copies those of our researcher in her bikini. The spy software takes a snapshot of the files on his memory stick. One is called “MAMMA JAMMAS” (urban slang for females with large breasts). It contains more holiday snaps of girls in their bikinis.
Most worryingly, when he discovers log-in details for our online bank account, he logs onto the bank’s website and attempts to break into the account. He only fails because the details we created were false.
Laptop Revival declined to comment when confronted by Sky’s cameras.
Covering up
There were similar problems with Digitech in Putney. Although its staff fixed our fault, they also spent a while snooping. The webcam reveals the technician takes a quick look over his shoulder, before flicking through our holiday pictures. He then attempts to clean up what he’s done by deleting the Recent Documents folder. Digitech later told Sky that it was looking at the photos to test the memory.
There were also difficulties with PC World in Brentford. The technician triumphantly diagnosed a faulty motherboard and insisted we needed a new one. We were told unless we paid £230 in advance, we couldn’t have it repaired. We agreed. But when we collected the laptop and got it home, we discovered only a memory chip had been replaced and not the motherboard.
PC World said the technician “should not have made an assumption about the cause of the fault of the laptop” and offered to refund £200 of the repair fee.
Bungled repairs
Meanwhile, at Evnova Computers in Barbican the loose memory chip was also spotted and fixed. But the company also told us we needed a new motherboard. We declined the offer and collected our laptop. When we examined it, we discovered technicians had soldered the memory bus pins together to recreate the original fault. Evnova later claimed it believed we were from a rival repair company.
We also had issues with Micro Anvika on London’s Tottenham Court Road. It seems the company fixed our laptop then called us to claim it needed to examine the machine to find the fault. We were charged £145. All this for a loose memory chip. Micro Anvika later told us we should only have been charged £95.
Only one shop performed flawlessly. Pix 4 in Shepherds Bush took its time to carefully examine our machine while we waited. The staff promptly discovered the loose chip, popped it back into place and told us with a smile there would be no charge.
Prepare for repairs
So a word of warning. Always back up sensitive data and remove it from your laptop before taking it to be repaired (if you can). Clear the cache of log-in details and passwords and always get more than one quote.
And bear in mind technicians often place all objects in the world into one of two categories: things that need to be fixed and things that will need to be fixed after they’ve had a few minutes to play with them.
On Sunday, July 26, OnForce made enhancements to the OnForce platform. Two key features included:
* New Manager User Type:In an effort to help Pros better manage their work order volume, OnForce created a new user account type, called Manager. As a Manager, this person can accept and reject work orders, make offers, add notes, as well as provide ratings on behalf of the Pro Supervisor or other Pros in the company account. However he/she cannot complete work orders, access company funds, change the companys tax information, or add other Managers to the account. Please note that multiple Managers can log into the company account at the same time. For more information regarding Pro account types, please click here.
* New Options When Rejecting Work Orders:In order to provide clarification to buyers as to why you rejected a specific work order, OnForce added two new options, including Work Order Location Too Far and Part Location Too Far.
Source: onforce.com
Partners and ISVs can now work with the final engineering version of the OS as they build out their own solutions heading toward the general availability launch of the products this fall.
Microsoft’s forthcoming Windows 7 operating system was released to manufacturing on Wednesday, a milestone that signals the formal completion of the engineering development phase.
Partners and ISVs can work with the final version, with locked-in code and features, as they build out their own solutions heading toward the general availability launch of the products this fall, according to Microsoft.
“Not only is RTM an important milestone for us – it’s also an important milestone for our partners,” wrote one member of the engineering team on the Windows Blog. “Today’s release is the result of hard work and collaboration with our partners in the industry to make Windows 7 a success. We delivered Windows 7 with a predictable feature set on a predictable timetable that allowed OEMs to focus on value and differentiation for their customers.”
Windows 7 is due out in general release on Oct. 22 and has been so far reviewed favorably by partners, who are smarting from the abject failure of Microsoft’s current client OS, Windows Vista, to take any respectable hold in the marketplace. PC manufacturers and hardware resellers are also placing bets that Windows 7 uptick will drive new sales of systems.
Microsoft said 16,000 partners, including ISVs and OEMs, have been participating in the Windows 7 Readiness program, already building out solutions. Mike Nash, corporate vice president of Windows Product Management, told Channel Insider that solution providers and VARs will find as much opportunity in Windows 7 as their ISV and OEM counterparts.
“What can VARs do? They can help customers running Windows XP to make the move to Windows 7,” he said. “Even with the great work of XP SP2, the gap between it and Windows 7 is significant for the browser, the core OS and other features we’ve enhanced. That’s an opportunity.”
While partners are optimistic about Windows 7’s potential, many still see their fortunes tied to customers finally getting around to the PC upgrade process.
“Most of our customers don’t ever upgrade to a new OS on its own; they do so when buy new PCs,” said Brian Jaenisch, Microsoft partner business development manager at Marco, in St. Cloud, Minn. “So today, that amounts to a lot of platform work for us around Windows 7.”
IDC is also predicting that Windows 7 adoption will take place quickly, with 177 million units shipped by the end of next year.
When fall 2009 arrives in North America, Digium hopes to stage an Asterisk uprising. Digium is planning at least two major training and education events for the open source IP PBX. Here’s the scoop, from The VAR Guy.
First up, Digium in September will host a series of Asterisk training courses at ITExpo in Los Angeles. Then, Digium will play an encore at the Astricon conference, scheduled for Oct. 13-15 in Glendale, Ariz. Heck, even The VAR Guy is drinking some of the Asterisk Kool Aid. During Astricon, our resident blogger will lead a session on Asterisk in the IT channel. Resellers welcome.
Astricon typically attracts “hundreds” of people who work with phone systems, unified communications and Voice over IP (VoIP), according to a prepared Digium statement.
On the channel front, Digium has signed up distributors across the globe. Prime examples in North America include ABP Technology, Interlink Communication Systems, NetXUSA, Westcon Group and Williams Telecommunications Group. Eager resellers include The Fulcrum Group, a North Texas provider of voice and data solutions.
According to a prepared statement:
The Fulcrum Group has deployed and supported Asterisk-based telephony systems since 2007. The company’s current clients include nationally recognized law firms, health care providers, financial services firms, banks, real estate companies, government agencies, manufacturers, performance centers, nonprofits, and research centers.
No doubt, Digium Director of Global Channel Sales Jim Butler is striving to push Asterisk deeper into the channel. And company insiders are working the blogosphere, assuring readers that privately held Digium is profitable and growing.
So far, so good. But let’s keep it all in perspective. Even as Asterisk gains momentum, Cisco Systems continues to employ roughly 67,000 people and generates roughly $40 billion in annual revenues. Meanwhile, Digium is privately held and certainly isn’t in the $1 billion neighborhood yet.
SOURCE: http://www.thevarguy.com/2009/07/10/digium-asterisk-rising-in-the-fall/
Field Solutions, North America’s premier independent field service technician
resource, announces a suite of eight (8) new Automated Contact Services (“ACS Suite”) that sets a new standard in reducing clients’ service management costs, while speeding dispatch and improving the quality
control of outsourced field service. Real-time integration of SMS/Text messaging and IVR automated telephonic services into the work order management process allows clients to aggressively reduce service department costs while increasing field service contact, technician feedback, and real-time work order process control.
Field Solutions’ new ACS suite supports every step of the work order management process, from announcement through paperwork completion. Now Field Solutions’ automatic technician notifications and reminders, technician remote confirmation and status updates, and real-time service “alerts” for variation from performance expectations allows real-time quality monitoring, assurance, and action.