Home Tags Audio

Tag: Audio

Good news if you've got a Nexus, otherwise you're at risk Another month, another patching cycle for Android.

Google's mobile OS has picked up seven critical patches, ten classed as high priority, and a pair of moderately important fixes. In short, playing back a booby-trapped video or receiving a message with malware hidden in it could lead to malicious code running on a vulnerable Android device that hasn't been patched. "We have had no reports of active customer exploitation of these newly reported issues," the March advisory states. "Partners were notified about the issues described in the bulletin on February 1, 2016 or earlier.
Source code patches for these issues will be released to the Android Open Source Project (AOSP) repository over the next 48 hours." Most of the critical flaws were found by Google's internal security team, and nearly half deal with programming blunders in Android's Swiss-cheese-like mediaserver library, some directly and some indirectly via libvpx. Being able to inject malware into mediaserver, via a message or video, is bad because, according to Google, "the mediaserver service has access to audio and video streams as well as access to privileges that third-party apps could not normally access." A critical flaw in Qualcomm's implementation on Android would also lead to a permanent root that would require re-flashing the operating system to fix.

The same drastic fix would also be needed if the kernel keyring component flaw isn't fixed. Meanwhile, moves to strengthen Android against the attacks involving libstagefright only get a high severity rating, as do yet more fixes for Mediaserver.

The full list of bugs – some reaching as far back as Android 4.4 as well as versions 5 and 6 – are below: Issue CVE Severity Remote Code Execution Vulnerability in Mediaserver CVE-2016-0815, CVE-2016-0816 Critical Remote Code Execution Vulnerabilities in libvpx CVE-2016-1621 Critical Elevation of Privilege in Conscrypt CVE-2016-0818 Critical Elevation of Privilege Vulnerability in the Qualcomm Performance Component CVE-2016-0819 Critical Elevation of Privilege Vulnerability in MediaTek Wi-Fi Driver CVE-2016-0820 Critical Elevation of Privilege Vulnerability in Keyring Component CVE-2016-0728 Critical Mitigation Bypass Vulnerability in the Kernel CVE-2016-0821 High Elevation of Privilege in MediaTek Connectivity Driver CVE-2016-0822 High Information Disclosure Vulnerability in Kernel CVE-2016-0823 High Information Disclosure Vulnerability in libstagefright CVE-2016-0824 High Information Disclosure Vulnerability in Widevine CVE-2016-0825 High Elevation of Privilege Vulnerability in Mediaserver CVE-2016-0826, CVE-2016-0827 High Information Disclosure Vulnerability in Mediaserver CVE-2016-0828, CVE-2016-0829 High Remote Denial of Service Vulnerability in Bluetooth CVE-2016-0830 High Information Disclosure Vulnerability in Telephony CVE-2016-0831 Moderate Elevation of Privilege Vulnerability in Setup Wizard CVE-2016-0832 Moderate The vast majority of Android users aren't going to be getting these updates soon enough, however. Nexus owners will get a push this week, and Samsung's better than most at pushing out fixes, but some other handset owners may carry these flaws until they upgrade their hardware. In the meantime, the malware writers will be getting busy reverse-engineering the Android patches and designing code to exploit the flaws.
In the PC sphere this can take as little as 48 hours, although for mobile it's taking a little longer. ® Sponsored: DevOps: hidden risks and how to achieve results
A type of malware that locks computer files and demands a fee for their release has successfully targeted Apple computers.The security researchers from Palo Alto Networks believe it is the first time ransomware has appeared on Macs.The KeRangers m...
A screen shot suggests he might have been on the site to download music software. Kanye's prolific tweeting has landed the artist in hot water.
It seems the self-proclaimed best musician of all time might be a fan of The Pirate Bay. Kanye on Tuesday posted a screenshot of his YouTube webpage, showing him listening to Sufjan Stevens' "Death With Dignity" track.

The trouble, however, is that he forgot to hide his tabs.

Fellow artist, and Tidal partner, deadmau5 noticed that the tabs he had open pointed to The Pirate Bay, a site often used to illegally download music, videos, and software, among other content. What the fuck @kanyewest ...

Can't afford serum? Dick. pic.twitter.com/8B2aiyORZs — deadmau5 (@deadmau5) March 2, 2016 The tab suggests West was on the piracy site to download a free copy of the $189 Serum sound-editing software from XferRecords, though there's no proof he actually downloaded it.

The tweet remains, and West has gone on tweeting as if nothing has happened.  UPDATE: West has responded, but rather than addressing the controversy, he is instead making fun of deadmau5's headgear, which - for those unaware - is a huge mouse head. "Do you do birthday parties?? My daughter loves Minnie mouse," reads one of the tweets.

Deadmau5 has responded with insults of his own. The trouble, however, is that West has been outspoken when it comes to music piracy, and recently complained about the fact that his new album, "The Life of Pablo," has been illegally downloaded so many times.

That album is only available to stream via Tidal, and he reportedly considered suing The Pirate Bay for having his latest album available on its site. West could, of course, just be doing research for that lawsuit by perusing The Pirate Bay... Perhaps he truly can't afford the $189 price tag. He recently tweeted that he was $53 million in debt thanks to his clothing line and other ventures, going so far as to ask Mark Zuckerberg for financial help.

A tongue-in-cheek GoFundMe page added by a fan brought in about $7,150, but has largely served a forum of people to write comments that poke fun at West.
TidalJohn Emanuele, who plays in the ambient and electronic music group The American Dollar, has sued three different music streaming services in the past two weeks.

Emanuele and his lawyers say that in different ways, Slacker Radio, Jay-Z's company Tidal, and now Google Play, have all ripped him off. The lawsuits are all proposed class actions, as Emanuele's lawyers believe other artists have been cheated, too. The complaint (PDF) against Tidal was filed on Saturday.
It's received the most press attention, in part because Tidal's marketing is based on the idea that it will pay artists more generously than other streaming services.

The lawsuit claims Tidal never served a "notice of intention," which is required to get the needed compulsory music license, and never paid the necessary royalties. A spokesperson for Tidal said that the company has rights to the master recordings "through its distributor, Tunecore, and have paid Tunecore in full for such exploitations." It also claims it's up to date on payments for mechanical licenses, which it pays through the Harry Fox Agency, another third party that administers the complicated world of music royalties. "This is the first we have heard of this dispute and Yesh Music, LLC should be engaging Harry Fox Agency if they believe they are owed the royalties claimed," said a Tidal spokesperson. (Yesh Music is Emanuele's company and is a co-plaintiff in the case.) The Emanuele lawsuit says that Tidal "know[s] full well that Harry Fox and Music Reports do not even try to serve NOIs... or calculate proper mechanical royalty rates unless expressly directed." Basically, the dispute boils down to Tidal saying they're being responsible and paying third parties to distribute funds to artists; with Emanuele saying, you know perfectly well those third-parties don't work right. The complaint also says Tidal has played fast and loose with the royalty rates, "deliberately miscalculating the per-stream royalty rates by including millions of streams Defendants do not pay," and that Tidal "systematically undercut" royalty calculations by cutting "illegal deals with equity investor partners." The complaint (PDF) against Google Play, filed yesterday, claims that the company did serve two NOIs covering four tracks, but that "failed to account for the vast majority of tracks" that Emanuele and his partner offered to Google.

The NOIs also provided a license for a year, and Google kept playing them after that year was up, according to the complaint. Google declined to comment on the Emanuele lawsuit. The complaint (PDF) against Slacker, filed on February 21, says the company "deliberately obfuscated the direct number of streams," and failed to pay proper royalties to the musicians. Overall, the world of music licensing remains so complicated that it's difficult to be sure one is doing everything "right." Sometimes, the data about who should be paid for music rights is missing or unclear.

Emanuele's trio of lawsuits comes two months after alt-rocker David Lowery sued Spotify, saying they blew it on his royalty calculations as well. In that case, Spotify responded with a statement saying that they're working with the National Music Publishers Association "to find the best way to correctly pay the royalties." Spotify has created a reserve fund of $17 million to $25 million "to pay royalties for pending and unmatched song use," according to Billboard.
Last week, Patrick Wardle published a nice analysis of a new Backdoor and Dropper used by HackingTeam, which is apparently alive and well.
Since HackingTeam implants are built on-demand for each target, we wanted to take a closer look: to see how it works and what its functionality reveals about the possible interest of the attackers behind this latest Backdoor. Encryption key The main Backdoor component receives its payload instructions from an encrypted Json configuration file.
In order to decrypt the configuration file, we began by using known keys, but none of them were able to decrypt the file. Upon checking the binary file we were able to identify that the function used to encode the file is still AES 128, so we started to look for a new encryption key. We located the initialization of the encryption routine, where the key is passed as an argument. By following this code we were able to find the new key used to encrypt the configuration file. As you can see, the key is 32 bytes long, so just the first 16 bytes are used as the key.

By using this key on our script we successfully decrypted the configuration file, which turns out to be a Json format file carrying instructions on how that particular Backdoor needs to operate on the target’s OS X machine: What does the implant do? It takes screenshots It synchronizes with or reports stolen information to a Linode server located in the UK, but only when connected to Wi-Fi and using a specific Internet channel bandwidth defined by the Json configuration file: It steals information on locally-installed applications, address book entries, calendar events and calls. OS X allows iPhone users to make such calls straight from the desktop when both are connected to the same Wi-Fi network and trusted. It spies on the victim by enabling frontal camera video recording, audio recording using the embedded microphone, sniffing local chats and stealing data from the clipboard. It also steals emails, SMS and MMS messages from the victim, which are also available on the OS X desktop when an iPhone is paired. Among other functionalities it also spies on the geolocation of the victim. It’s interesting to note that the Json file says that the start date of the operation is October 16 (Friday), 2015.

This indicates that this is a fresh HackingTeam Backdoor implant. For some reason the attacker was not interested in any emails sent to or from the target before that date but only from then on. Kaspersky Lab detects the above-mentioned Backdoor implants as Backdoor.OSX.Morcut.u and its dropper as Trojan-Dropper.OSX.Morcut.d Reference samples hashes: 0eb73f2225886fd5624815cd5d523d08e2b81bed4472087dca00bee18acbce04 Command and control servers: 212[.]71[.]254[.]212
Enlarge Record labels have won a copyright lawsuit against MP3Skull, a website that linked to MP3 song files from around the Web. MP3Skull lost the case in a default judgment, because it never came to court to defend itself. The labels sued MP3Skull in April 2015, calling it a "very popular rogue website" devoted to "the massive, brazen, and egregious theft of millions of copyrighted sound recordings." They didn't know who owned the site, but a summons was issued to Monica Vasilenko of Petrozavodsk, Russia, the name last listed as the site owner. According to the complaint (PDF), MP3Skull operators helped users acquire "obviously infringing files," offering tips via Facebook and Twitter telling users to be "very creative when you are searching our site" to avoid copyright notices and get their files. MP3Skull had already been banned in the United Kingdom at the time of filing. The site consisted of a no-frills listing of hit songs available for download within a few clicks. MP3Skull hosted no files itself, instead boasting to users that it would "provide fast and relevant search" and then link to files on other sites like mp3light.net, freemp3.se, and others. Court records show that neither Vasilenko nor anyone else ever showed up to defend MP3Skull.
In September, lawyers for the record labels moved for default. On Tuesday, US District Judge Marcia Cooke issued a default judgment (PDF), granting $22 million in damages to the record labels that they will surely never collect.

Cooke also ordered domain registrars, including Verisign, to give the record labels control of several MP3Skull websites, including mp3skull.com, mp3skull.to, mp3skull.cr, mp3skull.is, and mp3skull.ninja. "We are pleased with the court’s decision," an RIAA spokesperson told Ars. Cooke's order binding the domain registrars, who were not parties to the case, claims authority to do so based on the All Writs Act—the same short law that's now part of the national debate over a court order issued to Apple in a high-profile terrorism case.

The act is increasingly being used by copyright owners to exert authority over third-party Internet "intermediaries" like domain registrars, advertisers, and search engines, according to a forthcoming paper by University of Idaho law professor Annemarie Bridy.

The Evolution of Acecard

While working on the IT Threat Evolution report for Q3 2015, we discovered that Australia had become the leading country in terms of number of users attacked by mobile banker Trojans. We decided to find out what was behind this jump in activity and managed to identify the cause: Trojan-Banker.AndroidOS.Acecard.

This family accounted for almost all the banker Trojan attacks in Australia. After analyzing all the known malware modifications in this family, we established that they attack a large number of different applications.
In particular, the targets include nine official social media apps that the Trojan attacks in order to steal passwords.

Two other apps are targeted by the Trojan for their credit card details.

But most interestingly, the list includes nearly 50 financial apps (client software for leading global payment systems and banks) and services, and the various modifications of Acecard make use of all the tools at their disposal to attack them – from stealing bank text messages to overlaying official app windows with phishing messages. Here is another interesting fact that we established while investigating the Trojan: the modifications of Acecard were written by the same cybercriminals who earlier created Backdoor.AndroidOS.Torec.a, the first TOR Trojan for Android, as well as Trojan-Ransom.AndroidOS.Pletor.a, the first encryptor for mobile devices.

All three Trojans run on Android. How it all started Given Acecard’s growing popularity and the rich criminal past of its creators, we decided to delve deeper into the history of this malware family. It all started with Backdoor.AndroidOS.Torec.a.

The first version of this malicious program was detected in February 2014 and could perform the following commands from the C&C server: #intercept_sms_start – start intercepting incoming SMSs; #intercept_sms_stop – stop intercepting incoming SMSs; #ussd – create a USSD request; #listen_sms_start – start stealing incoming SMSs; #listen_sms_stop – stop stealing incoming SMSs; #check – send information about the phone (phone number, country of residence, IMEI, model, OS version) to C&C; #grab_apps – send a list of applications installed on the mobile device to the C&C; #send_sms – send an SMS to numbers specified in the command; #control_number – change the phone’s control number. Then, in April 2014, a new version emerged with more capabilities.

The additional commands were: #check_gps – send the device’s coordinates to the C&C; #block_numbers – add numbers to the SMS interception list; #unblock_all_numbers – clear the SMS interception list; #unblock_numbers – remove specified numbers from the SMS interception list; #sentid – send an SMS with the Trojan’s ID to a specified number. In late May 2014, we detected the first mobile encryptor, Trojan-Ransom.AndroidOS.Pletor.a.
It encrypted files on the device and demanded a ransom for them to be decrypted. Some modifications of Pletor used TOR to communicate with the C&C. A month later, we detected a new modification, Backdoor.AndroidOS.Torec. Unlike previous versions, it did not use TOR and targeted credit card details: the Trojan overlaid the official Google Play Store app with a phishing window that included data entry fields. We assigned the verdict Trojan-Banker.AndroidOS.Acecard.a to this modification, and classified it as a separate family of malware.

From that moment on, all new versions of the Trojan have been detected as belonging to the Acecard family. An analysis and comparison of the code used in Backdoor.AndroidOS.Torec.a, Trojan-Ransom.AndroidOS.Pletor.a and Trojan-Banker.AndroidOS.Acecard.a has shown they were all written by the same cybercriminals. Here are some clear examples: Code from the SmsProcessor class of the Trojan Backdoor.AndroidOS.Torec.a Code from the SmsProcessor class of Trojan-Banker.AndroidOS.Acecard.a Code from the SmsProcessor class of Trojan-Ransom.AndroidOS.Pletor.a Here is another example: Code from the SmsProcessor class of the Trojan Backdoor.AndroidOS.Torec.a Code from the SmsProcessor class of Trojan-Banker.AndroidOS.Acecard.a Code from the SmsProcessor class of Trojan-Ransom.AndroidOS.Pletor.a A lot of the class, method and variable names are the same for all three Trojans.

The code of the corresponding methods is either the same or very similar with only minor differences. Acecard’s progress The initial Trojan, Trojan-Banker.AndroidOS.Acecard.a, could only handle four commands sent from the C&C: #intercept_sms_start – start intercepting incoming SMSs; #intercept_sms_stop – stop intercepting incoming SMSs; #send_sms – send an SMS to the number specified in the command; #control_number – change the phone’s control number. The next modification of Acecard was detected in late August 2014 and used the TOR network for C&C communication, just like the earlier Pletor.

Besides that, we identified two more differences.

Firstly, the list of supported commands had grown to 15; nearly all of these commands had been seen before in earlier versions of the Trojan Torec: #intercept_sms_start – start intercepting incoming SMSs; #intercept_sms_stop – stop intercepting incoming SMSs; #ussd – create a USSD request; #check_gps – send the device’s coordinates to the C&C; #block_numbers – add numbers to the list of senders from which SMSs will be intercepted; #unblock_all_numbers – clear the SMS interception list; #unblock_numbers – remove specified numbers from the SMS interception list; #listen_sms_start – start stealing incoming SMSs; #listen_sms_stop – stop stealing incoming SMSs; #check – send the Trojan’s ID to the C&C; #grab_apps – send the list of applications installed on the mobile device to the C&C; #send_sms – send an SMS to the number specified in the command; #control_number – change the phone’s control number; #sentid – send an SMS with the Trojan’s ID to a specified number; #show_dialog – show a dialog window to the user with specific objects (data entry fields, buttons etc.) depending on the C&C command parameters. The second difference was the number of phishing windows.

Along with the official Google Play Store app, this Trojan now overlaid the display of the following apps with its own windows: IM services: WhatsApp, Viber, Instagram, Skype; The apps of the VKontakte, Odnoklassniki and Facebook social networks The Gmail client The official Twitter client In the second half of October 2014, we detected the next modification of Acecard.
It no longer used TOR (neither have any of the versions of the Trojan subsequently detected). However, there was another, more important difference: starting with this version of the Trojan, there have been dramatic changes in the geography of the targeted users.

The earlier versions mostly attacked users in Russia, but starting in October 2014 the bulk of Acecard attacks targeted users in Australia, Germany and France. Russia accounted for just 10% of the attacked users.

This trend continued for another four months, until February 2015, but even then Australia, Germany and France still remained among the most frequently attacked countries. At the same time, the geography of Pletor attacks remained largely unchanged: most attacks targeted, and continue to target, users in Russia and the US.

The TOP 5 most attacked countries also includes Ukraine, Belarus and Saudi Arabia. A new modification of Acecard emerged in mid-November 2014.

As well as stealing passwords from popular social network clients, it started to overlay the banking app of Australia’s most popular bank with a phishing window. Just two days later, we managed to detect another modification of this Trojan that was already attacking the apps of four Australian banks. This functionality has persisted up to the very latest Trojan-Banker.AndroidOS.Acecard modifications that we detect. This version of Acecard also checks the country code and the service provider code as it launches, and if it finds itself in Russia, it shuts down.

This check is carried out in almost all subsequent modifications.
Interestingly, similar changes to Trojan-Ransom.AndroidOS.Pletor only took place in late March 2015, and did not extend to all versions of the malware. For the next nine months, there was practically no change in the functionality of the new Acecard modifications that emerged, until early August 2015 when we detected a new version that was capable of overlaying the PayPal mobile app with its own phishing window. There was also a new command that this version could perform – #wipe. When this command is received, Acecard resets the mobile device to factory settings. It should be noted that there has been a dramatic increase in Acecard developer activity since June 2015.

Before, we typically identified 2-5 files a month related to this Trojan; since June we have detected around 20 files per month. Number of Acecard files detected each month The graph above shows the number of files associated with the banking Trojan Acecard that are detected each month; these include both the modifications of Acecard and related files, such as downloader Trojans.

The dramatic rise in file numbers detected in November and especially December is down to the malware writers making active use of a commercial code obfuscator and the emergence of obfuscated versions of the Trojan. Also at this time, there was an increase in the number of attacks using this malicious program. The number of unique users attacked by Acecard per month In the first half of September, we detected a new modification of Acecard.
Its new capabilities included overlaying the windows of more mobile banking apps, including those of one Australian bank, four New Zealand banks and three German banks. It means this modification of the Trojan is capable of overlaying 20 apps – including 13 banking apps – with a phishing window. The subsequent development of Acecard’s “banking business” then got even faster: The next modification emerged just several days later, and was capable of overlaying as many as 20 banking applications.

The list of targeted apps grew to include another app belonging to an Australian bank, four apps for Hong Kong banks and three for Austrian banks. In late September, a new modification came out with a new functionality: the malicious program included a list of bank phone numbers, so text messages arriving from those banks are redirected to the cybercriminal.

The Trojan has a list of phrases, so it can compare incoming text messages and identify those with verification codes for bank operations or registration, and send just the code to the cybercriminal, rather than the full SMS.

This version of Acecard intercepts SMSs from 17 Russian banks. Early October saw the emergence of a new modification that attacked the banking apps of the three largest US banks.
Interestingly, from the very start, the US has been among the TOP 10 countries most often attacked by this Trojan; however, December 2015 saw a dramatic rise in the number of attacks on US users.
In that month, the US came third in terms of the number of unique users attacked by this malware. In mid-October, a new modification appeared capable of overlaying as many as 24 financial applications, including apps belonging to five Australian banks, four Hong Kong banks, four Austrian banks, four New Zealand banks, three German banks, three Singapore banks, and the PayPal app. A new modification was detected in early November that has a phishing window that targets an app belonging to a Spanish bank. It should also be noted that virtually all versions of Acecard can handle a C&C command that orders the Trojan to overlay any specified app with its own window. Perhaps the cybercriminals thought this option was more promising, because many of the versions detected in November and December 2015 have a dedicated window that only overlays Google Play and Google Music apps to target credit card details. No other applications will be overlaid without first receiving the appropriate C&C command. The most recent versions of the Acecard family can attack the client applications of more than 30 banks and payment systems.

Considering that these Trojans are capable of overlaying any application upon command, the overall number of attacked financial applications may be much larger. Although the Trojans belonging to this family can attack users from a long list of countries, most attacks target users in Russia, Australia, Germany, Austria and France. Number of unique users attacked by country In Germany and Australia, the Trojan-Banker.AndroidOS.Acecard family is the most widespread type of mobile banker Trojan targeting users. Propagation In many countries, Trojans belonging to the Acecard family are typically distributed with the names Flash Player or PornoVideo, although other names are sometimes used in a bid to imitate useful and popular software.

This malware family also propagates with the help of downloader Trojans that are detected by Kaspersky Lab’s products as Trojan-Downloader.AndroidOS.Acecard. We should note that on 28 December we were able to spot a version of the Acecard downloader Trojan – Trojan-Downloader.AndroidOS.Acecard.b – in the official Google Play Store. A Trojan-Downloader.AndroidOS.Acecard.b page in Google Play Store The Trojan propagates under the guise of a game, but in reality it has no useful functionality.

The main goal of this malicious app is to download and install a fully functional modification of the banking Trojan Acecard.
Its creators didn’t even bother to make it look like a legitimate application: when the malware is installed from Google Play, the user will only see an Adobe Flash Player icon on the desktop screen. We have also been able to detect a new modification of the downloader Trojan, Trojan-Downloader.AndroidOS.Acecard.c.
It differs in that the Trojan, once launched, uses vulnerabilities in the system to gain super-user rights. With these privileges – Trojan-Downloader.AndroidOS.Acecard.c can install the banking Trojan Acecard into the system folder, which makes it impossible to delete using standard tools. However, in most cases this propagation method is used to spread another Trojan that we are already familiar with – Trojan-Ransom.AndroidOS.Pletor. The cybercriminals are using virtually every available method to propagate the banking Trojan Acecard, be it under the guise of another program, via official app stores, or via other Trojans.

This combination of propagation methods, which includes the exploitation of vulnerabilities in the operating system, along with Acecard’s capabilities make this mobile banker one of the most dangerous threats to users. MD5 58FED8B5B549BE7ECBFBC6C63B84A7288D260AB2BB36AEAF5B033B80B6BC1E6ACF872ACDC583FE80B8F54957E14355DFFBBCCD640CE75BD618A7F3187EC1B74201E8CEA7DF22B1B3CC560ACB049F8EA0DDCE6CE143CCA26E59063E7A4BB890199D34FC3CFCFFEA760FC1ADD377AA626A03DA636518CCAF432AB68B269F7E6CC305EBAA5C7FFA440455ECB3519F923B56E3FD483AD3731DD62FBE027B4E6880E653888352A4A1E3CB810B2A3F51D0BFC2E1C794A614D5F6AAC38E2AEB77B139DA54332ED8EA9AED12400A75496972D7D75DB57F89A85F647EBBC5BAFBC29C801E702770D70C7AAB793FFD6A107FD08DADCF25782CAC01837ABACBF31130CA4E7507DF64C87EA74F388EF86226BC39EADF
Adrian PingstoneA Virgin Atlantic aircraft was forced to abandon its flight from London to New York after it was "hit by a laser strike." Not long into the flight, a pilot on the aircraft—which had set off from the capital's Heathrow airport—made a distress call confirming that the 15 crew, and 252 passengers on board flight VS025 needed to return to London as a precaution. He calmly explained the situation to Irish air traffic control: "We have a medical issue with one of the pilots after a laser incident after take off. We're going to return to Heathrow," he said, according to an audio recording of the drama. Metropolitan Police aviation officers, who described the incident as a "laser strike", slammed the use of lasers being shone into the cockpits of aircraft. "When you point a laser at an aircraft you are risking the lives of hundreds of people. #think about your actions!," Scotland Yard tweeted, following the incident. Virgin Atlantic—which is working with the Met to try to find the source of the laser—said in a statement that the "safety of our crew and customers is our top priority," and it apologised for any inconvenience caused. According to the British Airline Pilots Association, laser incidents have been extremely difficult to police. "To date only a handful of perpetrators of a laser incident have been prosecuted and convicted of this crime.

Despite continuing law enforcement efforts to deter and apprehend miscreants there were 1,440 reported laser strikes on aircraft in the UK and over 3,800 in the US in 2014 alone," it said. A laser strike could affect pilots in a number of ways, including flash blindness, the BAPA added.

The group said: Given the many incidents of cockpit illuminations by lasers, the potential for an accident definitely exists but the fact that there have been no laser-related accidents to date (October 2015) indicates that the hazard associated with current lasers can be successfully managed. As the power increases so does the concern surrounding potential outcomes.

Technologies are available to mitigate the effects of lasers, but are still immature, do not provide full-spectrum protection and are unlikely to be installed on airline flight decks in the foreseeable future. Wrongdoers who shine lasers at aircraft could face a summary offence under two Air Navigation Order articles.

The second of which—ANO article 137—could lead to a prison term.
It states: “A person must not recklessly or negligently act in a manner likely to endanger an aircraft, or any person in an aircraft.” Last month, in the US, a man was sentenced to six months in prison and three years of supervised release after he aimed a laser at a police helicopter.
In October last year, a Californian "knucklehead" was sentenced to five years in prison for pointing a laser at an emergency transport helicopter. This post originated on Ars Technica UK


Carbonite is one of the most recognizable names in online backup. It's also one of the easiest-to-use online backup services around, its mobile apps are well done, and it presents a good value for your money. Carbonite is still weak on sharing features, however, and limits you to a single PC, with external and network drives off-limits for backup. Recent news for the service is that it's discontinued the Sync & Share feature, so, unlike competitors such as IDrive and SpiderOakONE, Carbonite no longer has folder-syncing capability. Price Plans Carbonite's pricing plans are pretty straightforward: For $59.99 per year, the Basic plan gets you unlimited backup space for one PC or Mac computer. The Plus upgrade option ($99.99) adds the ability to back up external drives and create a mirror image of your entire disk for full system backup. The Prime plan ($149.99) adds automatic video backup (included in the base plan of Editors' Choice service SOS Online Backup) and a courier recovery service, which sends your data to you on a disk. The last will be of interest to SOHO users who may not have time to download hundreds of gigabytes of restored files. The fact that Carbonite's base price only covers one PC is not uncommon. But Editors' Choice IDrive offers 1TB that you can use on as many computers as you like for about the same price as Carbonite's one-PC-unlimited plan. A free 15-day trial Carbonite account is available (with no credit card needed), but there's no permanent, low-storage free plan like those offered by OpenDrive and IDrive.  Interface: Choosing What to Back UpAfter downloading Carbonite's PC software, you're taken through a clear wizard-driven process to select what's backed up and when. First you choose a nickname for the computer. That way, if you add other computers to your account, you know which one has the files you want. Next comes a big help for those who aren't sure exactly which files to back up: The wizard offers to automatically choose what to include (documents, photos, email, and music) and when to upload the files. There's also an Advanced option that lets you decide on the backup set and schedule the backup for yourself. You can use Advanced either to fine-tune Carbonite's default selections or to start completely from scratch. If you spring for the Plus plan, you can have the service back up your entire drive, system files and all, as well as connected external drives. The higher-level plans also let you create a duplicate backup to local storage, so that you can recover files without an Internet connection. Backup Scheduling and SecurityNext it's time to choose when backups should occur. I really like the default option, Continuous. You can also simply tell the software to back up once a day. If your Internet connection isn't the strongest, you may prefer that, though you can also tell Carbonite not to upload during your busy hours. The Continuous option only uploads file changes and new files, however, so it shouldn't overly tax your connection. Once you know what you're backing up and when, you need to decide on a security level. Carbonite encrypts your data before sending it to its servers. By default, Carbonite manages your encryption key, but those who want to really lock down their data can choose to manage their own key. This means no one at Carbonite has the means to access to your files even if compelled to by a search warrant, but also that they won't be able to recover your files if you lose the key. It means, furthermore, that you don't get Web access to your files; Mozy, by contrast, allows Web access for accounts using private keys. If you pick Carbonite, I recommend the still-secure but less-restrictive managed-key option. Your final options before Carbonite actually starts processing and uploading your data are to have the service prevent your PC from sleeping and to add any files not covered automatically—videos, program files, and files larger than 4GB. A wizard page explains that the initial upload could take a couple days. It also explains Carbonite's helpful File Explorer dots. The software adds a red dot if a file's waiting to be backed up, and green if it's all set. You can right click on any allowable file to add it to the backup set. If you update a file, the right-click context menu offers a "back up as soon as possible" choice, something I appreciate. If this functionality is very important to you, then Carbonite is a better choice for you than SOS Online Backup. CrashPlan, IDrive, and SpiderOakONE offer similar Explorer integration, though. During upload, Carbonite's clear InfoCenter window shows you exactly which file is currently being worked on, along with an overall progress bar. A system tray icon lets you launch the InfoCenter, freeze your backup, or pause uploads. Clicking a linked number of pending backup files opens an Explorer window that mirrors your drive structure, though it's populated only by backup files. InfoCenter's Settings tab lets you turn off the Explorer dots, change the backup set and schedule, and reduce bandwidth usage. Backup SpeedFor performance and bandwidth testing, I timed the Carbonite's backup upload speeds on two 100MB sets of mixed file types and sizes. I used PCMag's superfast 177Mbps (upload speed) corporate Internet connection so that bandwidth wouldn't be the limiting speed factor. At 3 minutes and 10 seconds Carbonite was among the slower services, only besting the very slow Backblaze. This compared with SOS Online's 52 seconds and CrashPlan's 59 seconds. Carbonite used to throttle throughput speed for personal accounts after 200GB was uploaded, but the company has since ended that unpopular policy. Restoring FilesCarbonite's InfoCenter is also your friend when it comes time to restore files. When you search for files to restore, you can either replace them in their original location or restore to a desktop folder. One problem I have with Carbonite is that if you delete a file on the backed-up PC, only to later realize you really wanted it, the service only keeps the file for 30 days. SOS keeps those files forever. Carbonite saves multiple versions of files as you edit and save them. They're kept for a bit longer than deleted files—3 months. But you're limited to 12 versions, compared with SOS's unlimited versions. In my tests of a document I updated several times, Carbonite correctly saved all versions. When you need to restore your entire PC backup to a new machine, Carbonite can recreate the lost PC's Windows user account on the new PC. You can also create a new user account for the backup. Note that when you do a full restore to a new machine, you lose the ability to back up the original PC, since the service only covers one PC per account. Otherwise, you can just save all the files to a separate folder. A nice option in the Restore window lets you use a search box to specify particular folders and files you need first. Carbonite estimates tells you how long the restore will take, and you can access already-processed files any time during the restoration. Web InterfaceAs with the desktop interface, Carbonite's Web interface is clear and well designed. It offers a folder view along with a quick search box, and all you have to do is double-click on a filename to start downloading it. One thing missing from the Web interface, however, is file-version choice. A Facebook button lets you send photos from your backed-up collection directly to the leading social network, but aside from this, there isn't much in the way of sharing features from the Web client. I am surprised that you can't even create a direct link to a file or extend editing access, as you can in several online backup services. Nor can you play music or videos from the Web UI. Mobile AppsCarbonite offers mobile apps for Android and iOS (missing is Windows Phone, for which IDrive has an excellent app). Oddly, you won't find links to the apps on Carbonite's site; you just have to search for Carbonite Mobile in the device's store. Large button tiles in the app offer access to Pictures, Documents, Music, and Desktop, or you can just view all your folders. I was able to view photos and documents, and even to play uploaded music right inside the app. File sharing is accomplished via iOS's built-in email sharing, which attaches files to an email message. The app was recently updated to support TouchID for easy access to protected files. Easy, Unlimited Online BackupIf you just want to back up your PC files to prepare for the occasional crisis, Carbonite is a fine choice. It stands out in the crowded online backup space with its ease of use, unlimited storage, and continuous backup. Against these strengths, however, you have to weigh its lack of support for external disks, limited sharing features, and the short period deleted files are saved. If those are concerns, you're better off with one of the PCMag Editors' Choice online backup services: CrashPlan for its innovations, SOS Online Backup for its super speed and powerful features, or IDrive for its wealth of features at a low cost.
February 12th, 2016 Leicester, UK - 10ZiG Technology is proud to announce their new look Dual and Quad Core Thin & Zero Client hardware range. The devices have been developed to provide the highest level of performance in VDI, DaaS and Application Delivery environments, and to provide the desktop of choice for all types of users and their varied requirements. The introduction of the 10ZiG AMD powered 2.4GHz Quad Core 7800q Series complements their existing Intel powered 2GHz Quad Core 5800q Series and their Intel powered 1.33GHz Dual Core 4400 Series. “It is still a common misbelief that Thin Clients provide the same performance to its user regardless of specification, as it’s the server side components of VDI which perform the grunt of the work. However, an increase in users requiring support for HD video/audio, Flash/HTML5, video conferencing, 3D, CAD and resolutions of up to 3840 x 2160 (4K), places a much greater demand on the Thin Client hardware. The Thin Client is ultimately responsible for decoding this display information in addition to its other tasks. This local processing demand increases with additional resolution and also where screen content changes regularly, such as in multimedia/3D and Imaging use cases. Supplying a Thin Client with the capability to decode this, regardless of screen size and resolution is essential to the combined success of a VDI deployment,” stated Robert Fitzer, Head of Research and Development, 10ZiG Technology. Leading the line in the 10ZiG product offering is their 7800q Series. Powered by the industry leading AMD GX-424CC 2.4GHz Steppe Eagle processor, it offers the perfect Thin Client endpoint for technology solutions including VMware Horizon, Citrix and Microsoft environments. The device supports single screen resolutions of up to 3840 x 2160 @ 30Hz (4K), Twin Display Ports for Dual Screen requirements and optional PCI expansion to offer Quad Screen support. A total of 8 x USB ports are available on the 7800q Series, including USB 3.0, with additional connectivity options such as legacy Serial and Parallel ports. Windows Trusted Platform Model Management (TPM) is also supported. The 10ZiG 5800q Series provides the most versatile hardware option amongst the 10ZiG product range. Powered by an Intel 2GHz Quad Core processor, capable of speeds up to 2.42GHz with Intel Turbo Boost Technology, this hardware series provides support for Citrix HDX, Citrix HDX 3D Pro (5848qc), VMware Horizon and Microsoft environments. Offering Dual DVI ports as standard, 7 x USB ports (including USB 3.0), optional VESA mounting and/or wireless support, the 5800q Series caters for a vast range of use cases. Last but not least, the 10ZiG 4400 Series provides a reliable and flexible lower powered option for those with non CPU intensive requirements such as support for Microsoft Office or text based browsing. Powered by an Intel 1.33GHz Dual Core processor, the 4400 Series offers Dual DVI ports as standard, 4 x USB ports, including USB 3.0 and the option of VESA mounting and wireless. The device offers support for Citrix, VMware Horizon and Microsoft.The 10ZiG Manager is a cost free management utility supplied with the 7800q, 5800q and 4400 Series providing an intuitive solution for automatic configuration, firmware updates, shadowing, power options and troubleshooting. This cuts out the need for additional IT administration, lowering the total cost of ownership. The 10ZiG Manager has an unlimited user license and there are no hidden upgrade costs so you get access to all of its features. What’s more, you can try any of the hardware above, along with 10ZiG Manager using our free, flexible, no-obligation product evaluation.In addition to the hardware above, 10ZiG also provide the widest range of Teradici Tera2 PCoIP Zero Client devices on the market for VMware Horizon and Amazon WorkSpaces environments, including Dual Screen, Quad Screen and All-in-One hardware. Part of the 10ZiG customer service pledge is to deliver devices that are developed to meet their customer’s requirements. This includes 10ZiG Manager, their Operating Systems and their Thin & Zero Client hardware. “Through working with users and partners and identifying changes in the types of users and sectors who are now being considered for VDI, we are recognizing more and more users who require higher resolution displays to carry out their work,” says Kevin Greenway, Managing Director, 10ZiG Technology. "The addition of the 7800q series complements our existing family of thin clients and is perfectly placed at targeting 'Power' users whom are not prepared to sacrifice on screen size, resolution and performance dealing with 3D/CAD/Imaging work related tasks in a vGPU enabled VDI environment such as Citrix XenDesktop and VMware Horizon." added Greenway.To learn more, or to arrange your FREE evaluation device, please contact the relevant office below.10ZiG Technology Inc. (Corporate Headquarters, US)1 (866)-865-5250sales(at)10zig(dot)comwww.10zig.com @10zigtechnology10ZiG Technology Inc. (EU Headquarters, UK)+44 (0) 116 214 8660sales(at)10zig(dot)euhttp://www.10zig.com/ @10zigtechnologyAbout 10ZiG TechnologyFocused solely in the development of Thin and Zero Clients for the latest desktop solutions, 10ZiG Technology has long-standing partnerships with industry leaders such as Citrix, VMware and Microsoft. These partnerships are all with the aim of providing the best performance possible by supporting the full feature sets of acceleration protocols such as HDX, HDX 3D Pro, PCoIP and RDP 8.1. 10ZiG offers traditional dual screen Thin and Zero Clients, including the widest range of TERA2-based PCoIP devices on the market, including Dual Screen, Quad Screen and All-in-One hardware. 10ZiG devices come with a variety of OS options, including NOS (Zero), PEAKos (Linux), Windows Embedded 7 (WES7), Windows Embedded 8 (WE8S) and Windows 10 IoT (W10 IoT). 10ZiG is committed to taking the complexity out of Desktop Virtualization, Application Delivery and The Cloud by providing Thin and Zero Clients with components that simplify implementation, improve management and visibility of devices and enhance the user experience. To further this commitment, all 10ZiG devices are accompanied by the 100% FREE enterprise class 10ZiG Manager Utility, enabling centralized configuration, maintenance and control of all 10ZiG Software Zero, Linux and Windows devices. The 10ZiG product range is underpinned by the most personal Sales and Support service on the market, and 10ZiG are willing to put it to the test through their no-obligation, no-hassle, flexible 30 day evaluation offer.Source: RealWire
Winning lawyer says more bogus copyrights may come under legal attack.
Skype users are at risk of being infected with a new trojan dubbed T9000 that can record video calls, audio calls and chat messages. Researchers at Palo Alto Networks discovered the new type of backdoor malware and explained that once installed it can evade detection by many popular antivirus systems, including some big names such as Kaspersky and Panda. The full list from Palo Alto of security firm's software it can dodge is: Sophos, INCAInternet, DoctorWeb, Baidu, Comodo, TrustPort, GData, AVG, BitDefender, VirusChaser, McAfee, Panda, Trend Micro, Kingsoft, Norton, Micropoint, Filseclab, AhnLab, JiangMin, Tencent, Avira, Kaspersky, Rising and Qihoo 360. T9000 is a new variant of T5000, first spotted in 2013.

The payload is hidden inside spearfishing emails with an infected .rtf document, but is sophisticated enough to get in through other means, when its controllers have the will. Once installed the software can record Skype calls and upload them along with text chats to a server.
It can also take regular screenshots.

The only saving grace is that a user has to give it permission, albeit unknowingly. An API request asking for permission for explorer.exe to access Skype appears.
In reality this should never be needed so it should be quite clear it's dodgy. The researchers explained: "The victim must explicitly allow the malware to access Skype for this particular functionality to work. However, since a legitimate process is requesting access, the user may allow this access without realising what is actually happening. Once enabled, the malware will record video calls, audio calls and chat messages." A computer with granted permissions could also have documents stolen, even on removable drives. Skype is used more and more by businesses as part of the Office suite, so there is the potential for hackers to uncover potentially lucrative information. Palo Alto has published a list of indicators that your machine is infected as the sheer complexity and audacity of T9000 means that prevention is more or less the only form of protection at the moment. Meanwhile, Microsoft has said that it protects users from the malware with security updates. “To further protect our customers, we’ve added detection for the malicious software known as T9000 to Windows Defender," the firm said. "Customers that have installed security updates released in 2012 (MS12-060) and 2014 (MS14-033), either manually or by enabling automatic updates, will already be protected. Our recommendation is to enable automatic updates, which installs the latest security protections, and to use the latest version of Skype."