Hackers using multi-exploit attack "toolkits" take defensive measures of their own against other criminals, a security researcher said today.
"Exploit kit operators do use mainstream browsers, but they're much more likely to use Opera than the average user, because they know that the browser isn't targeted by other hackers," said Paul Royal, a principal security researcher with Atlanta-based Purewire.
While the most generous Web measurements peg Opera, a browser made by Norwegian company Opera Software, at a 2% share of the global market, 26% of the hackers who Purewire identified use the far-from-popular application.
Because of its small market share, few hackers bother to unleash exploits for Opera vulnerabilities, said Royal.
Purewire obtained this insight, and others, by infiltrating hackers' systems using a bug in the analytics software included with a pair of hacker toolkits, notably one dubbed "LuckySploit," said Royal. "We forged a 'refer' field and put in a little JavaScript," he explained, "and that revealed the hackers to us via their IP addresses."
Out of 51 exploit kit-using hackers, Purewire's tactic successfully identified the IP addresses of 15, as well as the browsers they ran. "We essentially did a code audit," said Royal. "Even criminals who attack others cannot architect reliable software," he added, talking about the vulnerabilities in the toolkits.
Most multi-strike attack kits, including LuckySploit, serve up a grab bag of exploits, including code that leverages vulnerabilities in Microsoft's Internet Explorer (IE), in ActiveX controls that IE uses, and in Adobe's Flash Player and Reader.
Criminals also try to hide from law enforcement by distancing themselves from the servers that host their exploit kits, said Royal. Of the 15 hackers Purewire identified, only two -- both with IP addresses traced to Latvia -- resided in the same country that also hosted the system containing their attack kit.
Most had at least one country between where they lived and where their malware-serving machine was located.
"This is a first stab," Royal said when asked what value could be placed on the information Purewire rooted out. "If we can discover the IP addresses of exploit kit operators, we can then turn that over to law enforcement."
Exploit toolkits are a prominent weapon in hacker arsenals, especially for "drive-by" attacks launched when unwary users are tricked into visiting Web sites by spam. Last month, for example, thousands of legitimate, but compromised, sites served up a multi-strike kit that included an exploit of a then-unpatched vulnerability in a Microsoft-made ActiveX control.
One in four hackers runs Opera to ward off other criminals
Microsoft frees Linux driver source code
Computerworld - Microsoft Corp.'s unprecedented release last week of more than 20,000 lines of driver code to the Linux community could put pressure on several top suppliers of closed-source drivers to make similar moves.
Observers note that virtualization vendor VMware Inc., Wi-Fi chip maker Broadcom Corp. and graphics chip maker Nvidia Inc. still decline to offer their Linux drivers under the General Public License, a free software license widely used in the open-source community.
Doing so would allow the drivers to be included in the open-source Linux kernel, making the installation process much smoother. It would also enable developers to tinker with and fix them.
Gordon Haff, an analyst at Illuminata Inc., said he doesn't expect Microsoft's move to persuade those vendors to open their drivers.
Graphics companies like Nvidia, he said, "have been taking heat over Linux drivers for years. But they see their driver technology as just too big a part of their competitive advantage to give much."
And VMware, as "the 800-pound gorilla," doesn't have to release its code, Haff added. "The pressure is more on the Linux distributors to work with VMware than the other way around."
Officials at VMware and Nvidia didn't respond to requests for comment. In a statement, Broadcom said that it "is working with the community to make this happen over the next several months."
Tom Hanrahan, director of Microsoft's Open Source Technology Center, said in a statement that submitting the code for inclusion in the Linux kernel marks "the first time we've released code directly to the Linux community."
The drivers enable Linux virtual machines to run on top of Microsoft's Hyper-V virtualization software. They are already available for enterprises in a patch and will be generally available in several months as part of the next major Linux kernel update, said Greg Kroah-Hartman, a longtime Linux developer at Novell Inc. and head of the Linux Driver Project, which works with manufacturers to submit kernel code to the open-source community.
Opera, Chrome not officially supported by Office Web Apps
DG News Service - Microsoft Corp. has left the Opera and Google Chrome browsers off the list of those officially supported by its Web-based Office applications, which will be available worldwide in technical preview sometime this month.
In a blog posting on the Office Web Apps blog, Microsoft listed its Internet Explorer 7 and 8 browsers as well as Mozilla Firefox 3.5 on Windows, Mac and Linux, and Safari 4 on Mac, as the official browsers supported by applications. Office Web Apps are Web-based versions of Microsoft's Word, PowerPoint, Excel and OneNote desktop applications.
Absent from that list are the Opera and Chrome browsers, which have significantly less market share than either Internet Explorer or Firefox but are still competitors in the global browser market.
Opera is the European-based browser company that was instrumental in the European Commission's bringing an antitrust suit against Microsoft over the inclusion of Internet Explorer in Windows. The suit has caused Microsoft to pull Internet Explorer 8 out of Windows 7 in Europe and offer a choice of browsers in the operating system.
Google, which makes Chrome, is one of Microsoft's main competitors, and recently unveiled a plan to build a desktop OS of the same name to compete with Windows. Microsoft's decision to put its Office productivity apps online is due to competition from Google Docs -- Google's Web-based office suite -- in the low end of the market for productivity applications.
Microsoft said in the post, attributed to Gareth Howell, program manager for Office Web Apps, that people should try using the applications in other browsers besides the officially supported ones, and provide feedback to the company about how they work.
"If you prefer to use another browser you should still give the Web Apps a try," he wrote in the post. "While we cannot officially support all browsers, customers will not be blocked from using them. It is a goal of the Web Apps to have broad compatibility and reach."
In comments about the blog post, one Opera user playfully chided Microsoft for not supporting Opera with the applications.
"Not MY browser then...**sniff**," posted a user called "Massif." "That's fine, I'll be alright. Opera users need a little love too occasionally though, we can't live on acid tests alone."
Howell responded to Massif's post by apologizing and adding that Microsoft may consider officially supporting other browsers after the release of the applications.
"Sorry that we didn't get your favorite browser into the officially supported list this time," Howell posted. "Once the Web Apps release we'll investigate expanding our supported browser matrix. Give it a try in Opera and let us know if you see issues."
Microsoft said the company optimized Office Web Apps for the most commonly used browsers first and plans to add others over time.
Opera and Google did not immediately respond to requests for comment.
DDoS attack that downed Twitter also hit Facebook
Computerworld - The same denial-of-service attack that took down Twitter this morning also slammed Facebook but with much less dramatic results.
Facebook noted on its site this afternoon that it too was fending off a distributed denial-of-service attack that was slowing its site. Unlike Twitter, which was down for two hours this morning, Facebook remained online.
"You may have had trouble accessing Facebook earlier today because of network issues related to an apparent distributed denial-of-service attack," the company wrote. "We have restored full access for most people. We'll keep monitoring the situation to make sure you have the reliable experience you expect from us."
Web site performance monitor AlertSite reported that Twitter's site wasn't back 100% until 2 p.m. EDT. AlertSite also noted that Facebook appeared to suffer little more than a few sporadic errors. Facebook's availability was at 97% at 10 a.m. when the attack was underway, and it was up to 100% availability soon after that.
While there's little more than online chatter and guesswork about the origins of the attacks, security analysts say the incident raises red flags that two giant Internet companies, like Twitter and Facebook would be hit in the same assault.
Randy Abrams, director of technical education at ESET, an IT security company based in Bratislava, Slovakia, said his best guess is that a major botnet herder was offering a demonstration of the power of his botnet to a potential client with a major target in mind.
"They could have been saying, 'Look what I can do to Twitter. I think my botnet can handle whatever you want it to do,'" said Abrams. "I'd put my money on this being a demonstration, a show of force, by someone looking to hire out their botnet."
Graham Cluley, senior technology consultant for Sophos, told Computerworld that whoever launched the attacks should beware the clout of those he's going after.
"Anything is possible, and we could make guesses like this until the cows come home ... We simply don't have enough information yet to be certain as to what the motivation was," he said. "One thing is certain -- if they did do this as a demonstration of how powerful their botnet is, they've just made themselves some new and angry enemies in the shape of some major Web 2.0 companies. I wouldn't be surprised if the computer crime authorities put some serious effort into trying to track down whoever was responsible. After all, if they can bring down social networking sites they can bring down banking sites."
Cluley also said it's not yet clear why Facebook faired so much better than Twitter. It could have been that the bulk of the assault was aimed at Twitter or that their defenses simply weren't as tough.
The attack against Twitter brought the site down between 9 a.m. and 11 a.m. EDT this morning. This afternoon, the microblogging site was still struggling with slowdowns and interruptions caused by the assault.
"As we recover, users will experience some longer load times and slowness," Twitter reported in its status update at 12:46 p.m. EDT. "This includes timeouts to API clients. We're working to get back to 100% as quickly as we can." The company had not posted another update by 3:30 p.m.
Oddly enough, even though the attack hit both Twitter and Facebook, while Twitter was down, frustrated users vented on Facebook. One Facebook user noted, "Suffering tweet withdrawal."
Facebook attracting more users with gray hair, wrinkles
Computerworld - Facebook is growing in popularity and its users are growing long in the tooth, according to a study released this week.
A report released by iStrategyLabs show that while the number of Facebook's U.S. high school and college-age users declined over the past six months, its popularity among the 55-and-older crowd is booming. In fact, the number of 55-and-older Facebook users showed staggering growth -- 513.7% -- in the last six months, the digital consulting firm said.
This isn't a new phenomenon for Facebook. In March, Hitwise Pty. reported that the social network's audience of people over the ripe old age of 35 increased by 23% in February compared with the same month last year. While Facebook was first launched to serve college students, over the past year or so the network has expanded to include many middle-aged folks.
While social networking sites were thought to be the domain of teenagers wanting to talk about school dances and their latest favorite band, it now looks like a quickly growing number of people on Facebook are closer to receiving their first copy of AARP than they are to taking their first college class.
The iStrategyLabs report also shows a 190.2% growth in the 35- to 54-year-old category.
Facebook isn't the only social network attracting older users.
A comScore, Inc. report released in April showed that people aged 45 to 54 are 36% more likely than other age group to use the Twitter microblogging site. That category is the biggest user of Twitter, followed by those aged 25 to 34, who are 30% more likely to Tweet out updates about their life and work.
And the news isn't just about older users joining social networking sites. Part of it about asking where the younger users are going?
The iStrategyLabs report notes that students are apparently fleeing Facebook. The report shows that Facebook has 16.5% fewer high school students on it and 21.7% fewer college students than six months ago.
"There have been rumors that these younger user groups are being alienated by their parents joining the service, and this data seems to prove it," said Peter Corbett, CEO of iStrategyLabs in a blog post.
Overall, Facebook showed strong growth over the last six months, with the number of U.S.-based users up 70.8%. And, ccording to iStrategyLabs, 54.6% of the social networking site's users are female.
Google launches Chrome for Mac, Linux
Computerworld - Google Inc. late Thursday released developer-only versions of its Chrome browser for Mac and Linux, making good on a nine-month-old promise that it would eventually add those editions to the Windows version that debuted last September.
The Mac and Linux versions are rough and unstable, warned Google. "We have early developer channel versions of Google Chrome for Mac OS X and Linux, but whatever you do, please DON'T DOWNLOAD THEM!" said Mike Smith and Karen Grunberg, a pair of Chrome product managers, in an entry to a Google blog. "Unless of course you are a developer or take great pleasure in incomplete, unpredictable, and potentially crashing software."
The new versions lack important features and functionality, Smith and Grunberg warned, including compatibility with Adobe's Flash Player plug-in and printing. A current bug list catalogs other missing pieces, ranging from a working bookmark manager to a memory leak.
Google launched Chrome Sept. 2, 2008, as a Windows-only browser, but began taking names for a notification list for Mac users that same day, and for Linux users shortly after.
Chrome accounted for approximately 1.8% of those used last month, according to the most recent data from Web metric company Net Applications, a surge of 27% from the month before.
On Windows, Chrome comes in three flavors: Google's developer, beta and stable versions, in ascending order of fit and finish. Google releases more developer preview builds than betas, which in turn accumulate until the company's satisfied with their progress enough to roll out another stable build.
"[We're] trying to get Google Chrome on these platforms stable enough for a beta release as soon as possible!" added Smith and Grunberg.
Although the two program managers acknowledged that the developer preview crashes, Computerworld ran the Mac browser for several hours without a hitch.
Both the Mac and Linux editions can be downloaded from Google's site.
Google kills radio ad service, may lay off 40
February 13, 2009 (IDG News Service) Google Inc. is abandoning its attempts to sell ads on broadcast radio, concentrating instead on its plans to make money from television advertising and online video sharing.
Google first tried to extend its Web-based ad-placement technology to the sale of audio advertising on broadcast radio in 2006 with its acquisition of radio sales network dMarc Broadcasting, but the business has not been a success. Now, as part of a broader plan to refocus on its most profitable and popular activities, it's pulling out of radio.
The company is looking for a buyer for Google Radio Automation, a business it set up to automate broadcast audio programming. And on May 31, it will close two services designed to automate the placement of audio ads, Google Audio Ads and AdSense for Audio, the company announced on its Google Traditional Media Ads blog. It expects to lay off 40 people as a result of the closure and move others to new posts.
In January, Google announced it would shut another traditional media sales division, Google Print Ads, at the end of this month. The service allowed Google AdSense users to place print ads in around 800 U.S. newspapers.
With its Audio Ads service, Google had hoped to make radio advertising more relevant to listeners and simplify radio ad sales.
Despite devoting substantial resources to the services, "we haven't had the impact we hoped for," Susan Wojcicki, vice president of product management, wrote on the blog.
Without the tight link between advertiser and consumer that Google enjoys online, where it can track each page view and click, the company found it difficult to measure the impact of radio ads and make them relevant to listeners.
That explains its decision to focus instead on online streaming audio, where it can identify more precisely who is listening to what, and on TV advertising, where systems to measure audience response are more developed than those for radio. It launched its own system for selling and scheduling TV advertising in early 2007.
Google is also renewing its efforts to make money from online video, allowing users of its YouTube video-sharing service to download some clips rather than stream them, in some cases for a fee.
Mozilla delays Firefox 3.1 again
January 29, 2009 (Computerworld) Mozilla Corp. has delayed the third beta of Firefox 3.1 for the second time this month, a company executive said today, citing troublesome bugs in the browser's new JavaScript engine as the reason.
It's not yet clear if the latest delay will affect the delivery of Firefox 3.1's final, which Mozilla has said several times would appear this quarter. "I can't tell you that we're 100% confident that we will hit Q1," Mike Beltzner, director of Firefox, said Thursday morning.
After a Firefox 3.1 status meeting yesterday, Mozilla noted that there are 18 bugs that still need fixing before it can move ahead with Beta 3. "At this time, we don't have a good estimate for when we'll be done," meeting notes read. "Many of the bugs are proving to be tricky and complicated to fully resolve."
Beltzner expanded on that theme. "The TraceMonkey team has 15 things that are priority 1 blockers," he said, referring to the JavaScript engine that Mozilla introduced last year in Firefox 3.1. A Priority 1 blocker is a bug that, if unfixed, would prevent the release of Beta 3.
Saying that TraceMonkey developers needed to "get a good handle on the problem," Beltzner said a revised schedule might be posted within a few days. "We'll check back with [the TraceMonkey team] in a couple of days, and see where they're at," he said.
There has been no talk of yanking TraceMonkey from Firefox 3.1, Beltzner said. "We really believe in the TraceMonkey engine," he confirmed. "It's twice as fast [at rendering JavaScript] as Firefox 3.0, and more than nine times faster than Firefox 2.0. People who are using the nightlies and Beta 2 just can't go back to the slower browsers," he said.
Mozilla has made much of TraceMonkey, and the performance boost it gives Firefox, since it introduced the new JavaScript engine last summer.
Firefox 3.1 has been pushed back several times. Two weeks ago, Mozilla announced that Beta 3 would ship on Feb. 2, a week later than previously scheduled. Last November, Mozilla inserted the third beta into its timetable to give more testing time to several features, including TraceMonkey.
Firefox 3.1 Beta 2, still the newest public release of the browser, debuted in early December 2008.
"The TraceMonkey bugs seem quite containable," said Beltzner. "They're the sort of instability bugs that don't affect a lot of people a lot of the time -- we're talking crashes that are affecting a small percentage of the Web [sites] -- but we don't want to crash on any."
Mozilla faces renewed pressure from Microsoft Corp., which is working on the next version of its Internet Explorer browser. On Monday, Microsoft issued IE8 Release Candidate 1 (RC1). According to Computerworld's tests, IE8 RC1, while still considerably slower than the current production version of Firefox, has closed much of the JavaScript performance gap that existed as recently as last month.
Living free with Linux: 2 weeks without Windows
January 21, 2009 (Computerworld) It's one of those perennial age-old battles that can never be resolved. Coke or Pepsi? Chocolate or vanilla? Linux or Windows?
I've been in the trenches of those wars for years. I've written about Windows since the days of Windows 2.0, including numerous books and hundreds or even thousands of articles, blogs and columns. Along the way, I've been called every name in the book -- and many you won't find in any books, either -- by Linux proponents, because I've extolled the benefits of Windows, while ignoring those of Linux.
So I thought it was finally time to confront the issue myself. How does Linux stack up against Windows? Which is really easier to use and less expensive? Which actually lets you be more productive? In short: Could I live without Windows at all and run my life on Linux for two weeks without spending a penny for software? Since one of Linux's great virtues is that it, and many of the applications that run under it, are open source, part of the attraction for me was to see if I could use an operating system and applications that were completely free.
To put myself to the test, I borrowed an IBM ThinkPad T41 with 1.5GB of RAM and a Pentium M 1.6-GHz processor. It already had Windows XP installed on it, but if I wanted, I could wipe the drive clean.
Choosing and installing Linux
The uninitiated (as I was) will most likely be initially overwhelmed by the number of Linux distributions available, many of which sound as if they were named by participants at a Star Trek convention after too much late-night carousing: Gentoo, Debian, Knoppix, Madriva, SUSE, Red Hat, Xandros, Ubuntu -- and that's just a very short list.
My goal was to live in Linux for free, so that ruled out commercial Linux distributions such as Xandros. I checked with a number of Linux pros and fans, and in the end, I relied on my most trusted expert, my 18-year-old son Gabe, who recommended that I go with Ubuntu, using the Wubi installer. Wubi creates a multiboot system on a Windows PC that lets you boot into either your existing version of Windows or into Ubuntu. You don't have to modify any partitions, and you don't have to use a different boot loader than the one Windows uses. As an added bonus, it can be installed and uninstalled like any other Windows application.
Click to view larger image
At first, installation seemed straightforward. I downloaded the Wubi installation file and ran it, which in turn downloaded a 694.5MB file. The installation program told me it needed to reboot. I told it to go ahead.
The Hardware Gods, though, were not pleased; perhaps I had forgotten to sacrifice a goat. My ThinkPad T41 didn't reboot, even though the installer tried. So I took matters into my own hands and chose to reboot from the Windows Start menu. (At this point, the installation program was still running in Windows.) Once again, it stood firm and refused to reboot.
As a long-suffering Windows user, I'm used to this kind of thing, so I tried the three-finger salute and pressed Ctrl-Alt-Del -- twice. Again, no go. Eventually, I had to unplug the machine's power cord, take out the battery, then put the battery and power cord back in. Then I restarted.
At first, things seemed to go according to plan. After the restart, a dual-boot screen appeared, asking whether I wanted to boot into XP or Ubuntu. I chose Ubuntu and figured I was on my way. Wrong. I booted into a screen that looked like this:
BusyBox v1.1.3 (Debian 1:1.1.3-3ubuntu3) Built-in shell (ash)
Enter 'help' for a list of built in commands.
(initramfs)
As a Windows user, I'm used to seeing incomprehensible screens. But this one put even Microsoft to shame. I rebooted again (this time it worked) and once again chose Ubuntu from the dual-boot screen. Once again the mysterious screen appeared. I typed "help" at the prompt to find the list of commands. The "help" was of absolutely no help. I got a listing of several dozen commands -- things like alias, break, continue, pwd, loadfont and so on -- but no information about what they did or how to use them.
I rebooted yet again. And this time, for reasons known only to the Linux Gods (perhaps they don't require goat sacrifices after all), I booted into a Ubuntu GUI that began configuring my system. Finally! Well ... not quite finally. After about 10 minutes, Ubuntu stopped functioning and the PC rebooted on its own.
After that reboot, though, all was right with the world. Ubuntu finally installed on the system as a dual-boot option and was absolutely rock-solid every time I booted into it. So solid, in fact, that it never failed to boot. So solid that I never experienced a single crash or Blue Screen of Death in all the weeks that I used it, either in the operating system itself or any of the applications I used -- something I certainly can't say about Windows XP.
Amazingly -- at least to a Linux novice like me -- Ubuntu recognized all the hardware on my T41, including the built-in wireless card, so I didn't have to fiddle around with drivers. If Microsoft had done this good a job with drivers on Vista, perhaps that operating system wouldn't be so troubled right now.
Microsoft beta lets old Windows apps run on Vista
January 15, 2009 (IDG News Service) Microsoft Corp. has released the first public beta of a tool that solves one of the chief complaints businesses have with Windows Vista: that older Windows applications aren't compatible with the new operating system.
The Microsoft's Enterprise Desktop Virtualization (MED-V) lets people run legacy Windows applications, including those built for Windows 2000 and Windows XP, on Vista by using virtualization technology, according to a blog post on The Official MDOP Blog.
"Our primary goal was to deliver an enterprise virtualization solution for the compatibility challenges that IT teams have with some of their line-of-business applications, during the upgrade to new operating systems (like Windows Vista)," according to the post, attributed to Ran Oelgiesser, a MED-V senior product manager. "With MED-V 1.0, you can easily create, deliver and centrally manage virtual Windows XP or 2000 environments (based on Microsoft Virtual PC 2007), and help your users to run legacy applications on their Windows Vista desktops."
By using MED-V in this way, people don't have to test or migrate applications that before would have been incompatible with Vista before running them on the operating system, saving companies money and time, he added.
To get the MED-V beta, people can sign up on the Microsoft Connect site.
The final release of the software is expected later this year, according to the post. Microsoft acquired the MED-V technology when it closed its purchase of Kidaro Inc. last May. It is included in a larger software package called the Microsoft Desktop Optimization Pack, which rolls up several Microsoft virtualization acquisitions. In addition to Kidaro, the pack is comprised of software from Microsoft's purchases of Softricity, AssetMetrix, Winternals Software and Desktop Standard.
Microsoft is investing heavily in desktop- and application-virtualization technology as a way to alleviate compatibility issues that have especially hampered the adoption of Vista. Many businesses opted to skip Vista and continue to run Windows XP until Vista's follow-up release, Windows 7, is available, and application-compatibility was one of several factors affecting their decision.
Microsoft just released the first Windows 7 beta last week, and some expect the final release of the operating system as early as August or September, although Microsoft has not given a firm date for when it will be finished.
Early reports from Windows 7 beta users are that the operating system is more stable, runs faster and is more secure than Vista, and improves on some of the user-interface features Microsoft introduced in that operating system. Some are even suggesting that Microsoft not charge a fee, or charge very little, for Windows 7, since Vista should have the same high quality in the first place.
