Will the Chromebook truly compete in today’s market?

Up until two years ago, my school was running Microsoft Exchange Server for student and staff email, and it made the Technology Office’s life miserable. I believe we had three servers just dedicated to handling the email of 550 staff and students. A tremendous amount of time was spent backing up email, troubleshooting Exchange issues, clearing out spam, patching and upgrading Exchange servers, managing security and dealing with various user issues.

Then we switched to Gmail (which is free for schools) and most of those administrative headaches disappeared. We no longer spend time or waste money on backing up and patching the servers. In the year I have been there, Gmail has been down exactly once – a pretty amazing statistic compared to the issues we dealt with previously.
However, nothing is free. Joe is right – Google is instilling brand loyalty into future customers who may be using their products for the next thirty or forty years. I also suspect that while Google doesn’t serve up ads in its school products, it’s still doing extensive data mining of every email or Google Doc residing on the servers of the Googleplex. Only God knows what they do with all that data living on their servers.

Oil Rigs Could Be Incapacitated by Malware

There’s a story in the Houston Chronicle that malware has incapacitated the computer networks of some oil rigs and platforms. This malware was unintentionally downloaded by oil workers. The malware gained access to the oil platforms and rigs in several ways:

  1. Oil workers brought it aboard on their laptops or via USB drives.
  2. Infected music and pornography files were downloaded directly through oil rig satellite connections.

Experts are concerned, because a worst case scenario could involve compromised safety systems that could cause a well blow out, an explosion, an oil spill or even the loss of human life.

One such instance caused a system to lock up on a facility in the Gulf of Mexico.

The principal tactical analyst for the National Electric Sector Cybersecurity Organization, Jack Whitsitt, said a typical malware infection on energy infrastructure would likely cause no serious problems. But he said a tailored attack, engineered to target a facility through widely distributed malware, could have dangerous repercussions.
Click here for the article from the Houston Chronicle

Apple Employee Computers Hacked

On Tuesday Apple disclosed that a small number of employee computers had been hacked via a vulnerability in the Java plug-in for browsers.

Facebook security had been breached in a similar manner.

An Apple spokesperson told the website AllThingsD that “The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.”

Apple has not included an enabled version of the Java plug-in on its Macs since Mac OS X Lion shipped in October 2010.

The article on AllThingsD can be found here. There is a story on Reuters that can be found here.

Chinese Military tied to Hacking

There’s a story out on the web that a Chinese Army unit has been linked to widespread hacking of U.S. interests.

There is growing evidence, confirmed by American intelligence officials, that People’s Liberation Army Unit 61398 has been behind a large percentage of attacks on U.S. governmental agencies, corporations, and organizations.
The computer security company Mandiant is releasing a 60 page study today that tracks individuals of the Chinese hacking groups “Comment Crew” and “Shanghai Group” to a physical location within the neighborhood of the 12 story building used as the headquarters of PLA Unit 61398.
Kevin Mandia, the founder of Mandiant, said, “Either they are coming from inside Unit 61398, or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”
Other security companies confirm Mandiant’s assertion of links between the Chinese military and these hacking groups.
The hacking group “Comment Crew” has in the past stolen terabytes of data from U.S. corporations. However, its focus seems to be shifting toward companies involved in U.S. infrastructure, such as waterworks, gas lines, and the electrical power grid.

Porn Sites safer to browse than Religious Sites?

According to Symantec’s recent state of the Internet Report, there was an interesting statistic: adult/pornographic sites have three times fewer threats per infected site than religious or ideological sites.

This seems counter-intuitive. However, Symantec had a possible explanation: “We hypothesize that this is because pornographic website owners already make money from the Internet, and as a result, have a vested interest in keeping their sites malware-free – it’s not good for repeat business,” the company said.

This is a link to the PC Magazine article.

This is a link to the Symantec report.

It’s not just fake banking websites – ATM Machines can be spoofed

Scammers aren’t just faking websites, they’re also spoofing your ATM machine.

There have been a number of cases where criminals have attached a false card slot on top of an ATM’s legitimate card slot. The false slot contains a second card reader, which captures and stores your ATM card number when you insert your card. A miniature wireless camera, disguised as a pamphlet holder affixed to the ATM machine, records your PIN number when you type it on the keypad.

Both the camera and the second card reader could be wireless, with the thieves up to several hundred feet away recording legitimate ATM transactions. What’s really brilliant about this is the ATM machine still dispenses cash and a receipt as normal – you probably wouldn’t know that your ATM card and PIN have just been hacked.

Click here to view the original article. This site has pictures of the second card reader, attached to an ATM, as well as the camera.

Electronic Door Locks, Lighting and Elevators Vulnerable to Hackers

Wired magazine has an article about how a certain company’s electronic locks, lighting systems, elevator control systems, video surveillance systems, etc. are vulnerable to hacking.

These systems, sold by the company Tridium, operate on a Windows system running a Java virtual machine and the Tridium client software, as well as the company’s embedded software. The vulnerability could allow hackers to get root access to this system.

Billy Rios and Terry McCorkle are the security researchers who discovered the zero day vulnerability. “The platform is written in Java, which is really, really good from an exploitation standpoint,” Rios said. “Once we can own the platform, a lot of the other stuff is very, very straightforward [to attack].”


New Encryption APP for Smart Phones

The creators of PGP encryption and Apple’s whole-disk encryption have teamed up to form Silent Circle, a company that has created a new App called “Silent Text” which will easily give the average user the ability to encrypt a document, image, or video on their smart phone, send it to someone else, and then “shred” the original file without leaving a trace on the Smart Phone.

Law enforcement agencies are concerned about the potential for abuse of such an App by criminals or terrorists.

However, Mike Janke, the CEO of Silent Circle, believes that “Every citizen has a right to communicate, the right to send data without the fear that of it being grabbed out of the air and used by criminals, stored by governments, and aggregated by companies that sell it.”

According to the article, some human rights reporters have already used the App to take a video of brutality that took place at a checkpoint in South Sudan. The human rights reporters were able to shoot a video of the abuse, upload it to colleagues thousands of miles away, and have the video deleted off their device. This helped ease the fear of being caught with the video.