During a four-month long cyberattack by Chinese hackers on the New York Times, the company’s antivirus software missed 44 of the 45 pieces of malware installed by attackers on the network.

That’s a stunning wake-up call to people and businesses who think they are fully protected by their antivirus software.

“Even the most modern version of antivirus software doesn’t give consumers or enterprises what they need to compete in the hacker world,” said Dave Aitel, CEO of security consultancy Immunity. “It’s just not as effective as it needs to be.”

The New York Times said it had an antivirus system from Symantec (SYMC, Fortune 500) installed on devices connected to its network. The Chinese hackers built custom malware to, among other things, retrieve the usernames and passwords of Times’ reporters. Since that brand-new malware wasn’t on Symantec’s list of forbidden software, most of it was allowed to pass through undetected.

Symantec responded that it offers more advanced solutions than the one the New York Times (NYT) deployed.

“Advanced attacks like the ones the New York Times described underscore how important it is for companies, countries and consumers to make sure they are using the full capability of security solutions,” the company said in a written statement. “Antivirus software alone is not enough.”

Related story: Nations prepare for cyber war

The cold fact is that no single solution can prevent all cyberthreats. Sophisticated attackson networks routinely bypass network security systems, no matter how rock-solid they are — or claim to be.

“Commercially available solutions are available to everyone,” said Rohit Sethi, head of product development for SD Elements, a security firm. “It’s not hard for attackers to learn how to evade detection, and they’re coming up with ingenious ways of doing just that.”

The solution, security experts say, is to deploy technology that keeps a very, very close eye on what’s happening inside your network. You can’t always prevent attackers from getting in, but you can at least set tripwires to alert you when they do.

In the New York Times’ case, the company suspected that it would be attacked because of its investigation into Chinese Prime Minister Wen Jiabao’s family finances. It asked AT&T(T, Fortune 500) to monitor its network. AT&T quickly picked up suspicious signs. Two weeks later, when the extent of the infiltration became clear, the Times hired security consultancy Mandiant to track the attackers’ movements through its systems.

“Attackers no longer go after our firewall,” Michael Higgins, the Times’ chief security officer, told Times reporter Nicole Perlroth. “They go after individuals. They send a malicious piece of code to your e-mail account and you’re opening it and letting them in.”

From there, the best thing companies can do is track what attackers are doing.

“The question we always ask our customers is, ‘Do you know every program running on your network?” said Immunity’s Aitel. “When you know the answer to that question, you don’t need antivirus software. When you don’t, you’re screwed.”

Experts say that antivirus software is still a good, basic thing to have. Owning an antivirus solution is like putting the Club in your car — it’s not going to stop a determined thief, but it’s going to make stealing your stuff more difficult.

Antivirus software maker Avast, whose free antivirus software is among the most widely used, says there’s a major distinction between the kinds of threats encountered by everyday Web surfers and the carefully targeted attack the Times faced.

“Seatbelts and airbags are wonderful protection and improve the safety of millions, but they will not stop a bullet fired — say by a hired killer,” said Jindrich Kubec, Avast’s threat intelligence director. “Does it mean you will stop using airbags and seatbelts?”

Some antivirus solutions are better than others. In a recent analysts, Immunity simulated attacks against networks protected by the top-of-the-line software built by Symantec, Kaspersky Labs and Intel’s (INTC, Fortune 500) McAfee security division.

Immunity was able to break into the systems protected by Kaspersky and McAfee in two days. Symantec was the best of the breed, with Immunity unable to penetrate it in the several days it gave itself to achieve the task.

“New reputational-based software works to an extent,” Aitel said, referring to systems that aim to contextualize the threats they detect. “But deep down, nothing is as good has having a proper awareness about what’s going on in your network.” 

courtesy: http://money.cnn.com/2013/01/31/technology/security/antivirus/index.html

But Twitter’s new video-sharing app, Vine, is under scrutiny after early adopters started using it to flash six-second porn clips to the app’s users and to the larger Twitter community.

READ: On Data Privacy Day, Twitter and Google focus on government requests

It’s an issue that has Twitter scrambling to appease concerns. And it’s raising questions about how Apple, the only place where smartphone users can download the app, will respond after recently banning other apps that provide access to sexual content.

The issue gained attention Monday when Vine users noticed a video of what was described as hard-core pornography showcased in the prominent Editor’s Picks section of the mobile app.

READ: Twitter must identify racist, anti-Semitic posters, French court says

Users took to the comment section of that video to complain. Twitter apologized Monday, saying it was a mistake.

“A human error resulted in a video with adult content becoming one of the videos in Editor’s Picks, and upon realizing this mistake we removed the video immediately,” the company said in a statement sent to CNN. “We apologize to our users for the error.”

Released Thursday, Vine is a Twitter-owned app that lets users create and share videos lasting up to six seconds. As with photo-sharing app Instagram, Vine users can follow other people, whose posted videos show up in a feed on their phones or can be shared on Twitter and Facebook. The app is available only for the iPhone, iPad and iPod touch.

Vine’s Apple-only status raises interesting questions. Just last week, Apple banned image-sharing app 500px from its App Store because it could give users access to sexual content. The 500px app features artistically rendered nudes among lots of other photos, but so do other apps with user-generated content, such as Tumblr, which remain available on Apple’s iOS mobile system.

READ: Will Twitter war become the new norm?

The Vine app is rated 12+ on iTunes for “infrequent/mild sexual content or nudity,” among other reasons, meaning it’s deemed appropriate for users 12 or older. As of Monday, it was the fifth most popular free app in the App Store.

Apple did not immediately reply to a message seeking comment for this story. Vine had been listed on Apple’s own Editor’s Choice list as early as Monday morning, but appeared to have been removedby Monday afternoon.

Apple observers Monday were noting the strange position the company finds itself in. Apple has famously kept tight reins on what appears in its App Store and on its mobile operating system in general. The late CEO Steve Jobs famously argued that control on the front end delivers a user experience free from porn, spam and other digital unpleasantness.

But as the digital Web grows and evolves, it’s becoming tougher to parse the blurry line between apps that promote adult content (and which are turned down or banned by Apple as a matter of course) and those which simply provide access to such fare.

What, for example, is the distinction between the banned 500px app and the app for Tumblr, the blogging platform which, among its millions of blogs, includes many that host explicit sexual content?

“From the start, Apple has said they’d get the App Store wrong, and come across things they didn’t anticipate, but that they’d learn and grow,” said Rene Richie, editor of Apple-centric blog iMore, in a post Monday. “This particular problem has been around for years, but as social sharing has become easier, it’s come to the surface again.”

Interestingly, it was just a little less than a year ago that Apple banned Viddy, a video-sharing app that has been compared to Vine, because it gave access to user-generated adult videos. The Viddy app was eventually returned to the App Store.

On Twitter’s end, the anything-goes aspect of Vine jibes with the site’s overall philosophy. Compared to Facebook, which believes social sharing is best when tied to a user’s true identity and real-world networks, Twitter allows its users to register under fake names and has fought governments and law-enforcement agencies seeking user information.

As such, Twitter has taken a more hands-off approach on adult content. It’s not hard to hunt down hashtags its users are employing to share adult content on a daily basis. (#TwitterAfterDark becomes a trending topic on the site nearly every day — clicker beware).

By contrast, searching for several suggestive hashtags (such as #naked or #porn) on Instagram, the popular photo-sharing app bought by Facebook last year, render no results. Because Instagram is an Apple-like closed environment, sexually explicit images are difficult, if not impossible, to find there.

By Monday afternoon, hours after Vine had apologized and deleted the porn video from its Editors Picks, what uproar there was online was subsiding.

As some observers noted, Vine isn’t otherwise experiencing anything new in the tech world.

“As virtually every new video or photo-sharing service has shown us since the dawn of the Internet, from Flickr to ChatRoulette, it’s very difficult to keep these sites or apps G-rated. So the companies either learn how to police it well, like Flickr does, or they wither and die, as ChatRoulette did,” wrote The Atlantic Wire’s Adam Clark Estes in a post titled “Vine has a porn problem because, of course it does.”

In a statement to CNN, Twitter noted what had already become apparent on the app — that users can report videos they deem inappropriate.

“Videos that have been reported as inappropriate have a warning message that a viewer must click through before viewing the video,” a spokesperson said in the statement. Reported videos that are determined to violate Vine guidelines will be removed from the site and the user account that posted them may be terminated, according to the statement.

Vine’s terms of service ban illegal activity, harassment or abuse and behavior such as impersonating another user or violating trademark and copyright.

courtesy: http://edition.cnn.com/2013/01/28/tech/social-media/vine-porn-twitter/index.html

The first two handsets powered by the new Blackberry 10 operating system have been unveiled.

The Z10 is controlled via a 4.2in (10.7cm) touchscreen while the Q10 has a smaller 3.1in (7.9cm) screen and physical keyboard.

The UK will be the first to get the Z10 where it will launch on Thursday.

Its appeal could determine whether the firm – which has switched its name from Research In Motion to Blackberry – has a long term future.

The new operating system had originally been due for release last year. Canada and the UAE will get the Z10 in February and the firm said it should go on sale in the US in March.

“Two years ago we had to make a very serious decision,” chief executive Thorsten Heins told a press conference in New York.

Blackberry said users had wanted a phone with a physical keyboard

“Adopt someone else’s platform or build a whole new one from ground up for Blackberry. And we made the tough call to go it alone.

“Bringing an entirely new platform to the market and ushering this company through a really difficult transition took careful planning and we absolutely knew it was risky.”

Shrinking share

According to data from IDC, Blackberry devices used to account for just over 19% of global smartphone shipments at the start of 2010 – but it suggests that figure had dropped to less than 4% by the end of last year.

“The devices are probably the firm’s last attempt to make in impact in this market,” Alexander Peterc, technology analyst at BNP Paribas, told the BBC.

“The firm’s market share has fallen because they haven’t had a product launch in a year and a half. BB7 – the previous system upgrade which was just incremental – was, let’s say, a failure.

“They still have a following in enterprise where they will probably find a reliable source of revenue for the next 12 months but it’s also crucial for them to generate at least a half-decent amount of traction with consumers.”

Touchscreen keyboard

The new user interface allows up to eight apps to run simultaneously, four of which can appear in small windows on the same screen – something the firm describes as “true multitasking”.

Michelle Fleury spoke to chief executive Thorsten Heins, and looked at the Blackberry 10’s ‘hub’ feature

During a demonstration executives said the intention was to let users “flow” through applications using swipes and other gestures rather than copy the “in and out” nature experienced when navigating rivals’ devices.

For example BB10’s Hub – which brings together emails, texts and other notifications – can be accessed by swiping up and then to the right from any app. The user then needs to reverse the gesture to return to where they were.

The BBM messaging app can now make audio and video calls as well as being able to share what is on one person’s screen with the other user’s device.

The Z10 is not RIM’s first to feature a touchscreen keyboard, but it has adopted new features to attract users more used to physical buttons.

These include a feature which learns the words and phrases the owner most often types and then uses this to suggest words which float above the keyboard and can be flicked into place.

It will also learn to anticipate and correct frequently made mistakes – such as if the user often hits the letter C when they mean to tap space.

courtesy: http://www.bbc.co.uk/news/technology-21261809

It said the attacks coincided with its report into claims that the family of Chinese Premier Wen Jiabao had amassed a multi-billion dollar fortune.

The hackers used methods which have been “associated with the Chinese military” to target the emails of the report’s writer, the paper said.

China’s foreign ministry dismissed the accusations as “groundless”.

“To arbitrarily assert and to conclude without hard evidence that China participated in such hacking attacks is totally irresponsible,” said spokesman Hong Lei.

“China is also a victim of hacking attacks. Chinese laws clearly forbid hacking attacks, and we hope relevant parties takes a responsible attitude on this issue.”

Beijing has been accused by several governments, foreign companies and organisations of carrying out extensive cyber espionage for many years, seeking to gather information and to control China’s image.

‘China-based subterfuge’

According to the Times, the hackers first broke into their computer system in September, as the report on Mr Wen was nearing completion.

The report, which was dismissed as a “smear” by the Chinese government, said Mr Wen’s relatives had amassed assets worth at least $2.7bn (£1.7bn) through business dealings. It did not accuse the Chinese premier of wrongdoing.

China is sensitive about reports on its leaders, particularly when it comes to their wealth.

The New York Times said the hacking initially focussed on the computers of David Barboza, the paper’s bureau chief in Shanghai who wrote the report, and one of his predecessors, Jim Yardley.

Internet security firm Mandiant, which was hired by the Times to trace the attack, followed the hackers’ movements for four months, to try to establish a pattern and block them.

The hackers installed malware which enabled them to access any computer using the New York Times network, steal the password of every employee, and access 53 personal computers, mostly outside the Times offices.

They found the hackers began working for the most part at 08:00 Beijing time. They have not been able to establish how exactly the hackers broke into the system, but believe it may have been through a so-called spear-phishing attack, where an employee clicked on an email or link containing malicious code.

The security firm found that in an attempt to hide the origin of the attack, it had been routed through computers in US universities which, the paper said, “matches the subterfuge used in many other attacks that Mandiant has tracked to China”.

The Times said experts had found that the attacks “started from the same university computers used by the Chinese military to attack United States military contractors in the past”.

Mandiant’s chief security officer, Richard Bejtlich, said that “if you look at each attack in isolation, you can’t say, ‘This is the Chinese military’,” but that the similar patterns and targets of the attacks indicated a connection.

“When you see the same group steal data on Chinese dissidents and Tibetan activists, then attack an aerospace company, it starts to push you in the right direction,” he said.

The paper said no personal data of staff or customers was stolen and that no attempt was made to shut down its website.

“They could have wreaked havoc on our systems,” said chief information officer Marc Frons. But he said what they appeared to be looking for were “the names of people who might have provided information to Mr Barboza”.

There was also no evidence that sensitive emails or files on the Wen family had been accessed, or that the intruders had sought information unrelated to the Wen family, the paper said.

Courtesy: http://www.bbc.co.uk/news/world-asia-china-21271849