Friday, April 12, 2013

SECURITY - Online Gaming Firms Targeted by Malware

"'Winnti' Malware Targeting Online Gaming Firms" by Chloe Albanesius, PC Magazine 4/12/2013

News of game-related hacks is nothing new; they have dominated headlines in recent years, from the massive Sony PlayStation Network takedown to the more recent hack of The War Z.

Attacks on gaming firms might not be isolated incidents, however.  Researchers at Kaspersky Lab this week said they uncovered a series of targeted attacks originating in China that are taking aim at Web-based gaming companies.

"According to our estimations, this group has been active for several years and specializes in cyber attacks against the online video game industry," Kaspersky said in a blog post.  "The group's main objective is to steal source codes for online game projects as well as the digital certificates of legitimate software vendors.  In addition, they are very interested in how network infrastructure (including the production of gaming servers) is set up, and new developments such as conceptual ideas, design and more."

Kaspersky started investigating the group - known as Winnti - in the fall of 2011 at the behest of a computer game publisher that detected malware on its network.  The malware was pushed out to users via a standard update, prompting concern that the company was spying on its users.

"However, it later became clear that the malicious program ended up on the users' computers by mistake; the cybercriminals were in fact targeting the companies that develop and release computer games," Kaspersky said.

Once installed on someone's computer, the hackers could control that machine without the user's knowledge.  The malware was "the first time we saw Trojan applications for the 64-bit version of Microsoft Windows with a valid digital signature," Kaspersky said.  Previous incidents of digital signature abuse had only hit 32-bit systems.

The digital certificate in question belonged to South Korea-based KOG, which also produced MMORPGs, like Kaspersky's client.  Ultimately, the certificate was revoked, but "over the next 18 months we discovered more than a dozen similar compromised digital certificates."

Kaspersky said that its research suggests that at least 35 companies from around the world have been infected by Winnti malware at some point in time, with a "strong focus" on Southeast Asia.

Friday, April 5, 2013

WINXP - Updates Coming to an End

"When will Microsoft pull the plug on your version of Windows or Office?" by Ed Bott, ZDNet 4/4/2013

Excerpt

Summary:  The countdown for Windows XP is about to get serious.  In one year, Microsoft officially stops supporting XP.  What happens when the clock runs out?  And how long until your current version of Windows or Office suffers the same fate?

For the next year or so, Microsoft will officially offer support for four versions of Windows for desktop and notebook PCs.

Windows XP, the oldest of the bunch, celebrates its 12th birthday this fall.  It kicks off a year-long farewell tour next week, counting down to April 8, 2014, when Microsoft officially ends its support.  XP lived longer than any version of Windows ever, getting multiple extensions on its retirement date to placate customers who said no to Vista.  But April 2014 is the end of the road.

XP will not get a last-minute reprieve.

Let me say that again, in boldface this time:  Microsoft will not extend the support deadline for XP.  If you're still relying on XP, you should have a plan to switch to a supported platform, whether it's from Microsoft or someone else.

April 8, 2014 is a deadline, not a death sentence.  PCs running XP will not stop working when the clock runs out.  In fact, XP diehards won’t notice anything different except an eerie quiet on Patch Tuesday.  Newer Windows versions, including Windows Vista, Windows 7, and Windows 8, will continue to get security patches and bug fixes via Windows Update, but not XP.  When the extended support period ends, so do those updates.  (Large enterprise customers who have custom support agreements with Microsoft and who are willing to pay dearly for the privilege might be able to get custom updates after the official end of support.  But consumers and small businesses will not have that option.)

None of this should be a surprise.  As I’ve noted before, Microsoft has a well-established support life-cycle for its software products.  It’s basically an agreement that the company makes with everyone who commits to Windows.  The terms of that agreement don’t change often, which is an important assurance for business customers who tend to be conservative in their approach to upgrades.

Six months after the launch of Windows 8, it’s become obvious that Windows 7 is the new Long Term Support version.  And I'm starting to get more questions from readers who are concerned that Microsoft is going to try to kill off Windows 7.

MY OPINION:  Microdunce can shove their to-hell-with-consumer policies up you-know-where.

I am NOT about to downgrade my PERFECTLY WORKING WinXP Desktop to a more hoggish, all eye-candy, version that will require me to manually reinstall over 100 apps.

Thursday, March 28, 2013

INTERNET - Spam or Not to Spam Cyber War

"Cyber War Over Spam Slows Access for Internet Users" PBS Newshour 3/27/2013

Excerpt

SUMMARY:  A dispute between an online company that sends spam emails and a company trying to mitigate spam has led to one of the largest reported cyber attacks in history, creating slow access to common sites like Netflix for millions of web users.  Hari Sreenivasan talks over the case with Nicole Perlroth of the New York Times.

HARI SREENIVASAN (Newshour):  One company fights spam; the other is said to be behind sending those pesky e-mails.  A dispute between the two has led to one of the largest reported cyber-attacks in Internet history, the result, widespread congestion that's slowing access for millions of users to sites like Netflix.

Nicole Perlroth has been covering the story for The New York Times, joins me now.


NOTE:  For users, this is what eMail client filters are for.  Delete spam eMails, or move spam to a [Spam] folder.

Tuesday, March 12, 2013

INTERNET - What Happens to Your Online 'Estate' After You Die?

"Law Lags Behind in Defining Posthumous Protocol for Online Accounts" PBS Newshour 3/11/2013

Excerpt

JEFFREY BROWN (Newshour):  Billions of people around the world now live part of their lives online, sharing photographs, information on relationships and careers, tweets and more.

But what happens when physical lives end and life in cyberspace goes on?  Of the one billion people who use the social network site Facebook, for example, an estimated three die every minute.  And that can lead to some painful problems.  For one thing, there's no one method or law on the books for how beneficiaries gain access to a deceased person's digital records.

Virginia dairy farmer Ricky Rash ran into that problem after his 15-year-old son Eric committed suicide in 2011.

RICKY RASH, Father:  It was a complete shock, as any suicide is.  But we had absolutely no warning.  Eric kissed his mom good night the night before.  He did his homework.  He Armor All-ed the seats in that Oldsmobile that was his.  He did everything under the sun to show us it was a normal night.

So, with no answers from home, no answers from school, we were just hoping that there may be something that would give us some insight as to why he chose to make the decision he did.  And Facebook was literally the last frontier that we had to investigate.

Monday, March 4, 2013

CYBERWAR - Pinning Down Motive For Hacking Against U.S.

"As Hacking Against U.S. Rises, Experts Try to Pin Down Motive" by NICOLE PERLROTH, DAVID E. SANGER, and MICHAEL S. SCHMIDT; New York Times 3/3/2013

Excerpt

When Telvent, a company that monitors more than half the oil and gas pipelines in North America, discovered last September that the Chinese had hacked into its computer systems, it immediately shut down remote access to its clients’ systems.

Company officials and American intelligence agencies then grappled with a fundamental question: Why had the Chinese done it?

Was the People’s Liberation Army, which is suspected of being behind the hacking group, trying to plant bugs into the system so they could cut off energy supplies and shut down the power grid if the United States and China ever confronted each other in the Pacific?  Or were the Chinese hackers just trolling for industrial secrets, trying to rip off the technology and pass it along to China’s own energy companies?

“We are still trying to figure it out,” a senior American intelligence official said last week.  “They could have been doing both.”

Telvent, which also watches utilities and water treatment plants, ultimately managed to keep the hackers from breaking into its clients’ computers.

At a moment when corporate America is caught between what it sees as two different nightmares — preventing a crippling attack that brings down America’s most critical systems, and preventing Congress from mandating that the private sector spend billions of dollars protecting against that risk — the Telvent experience resonates as a study in ambiguity.

To some it is prime evidence of the threat that President Obama highlighted in his State of the Union address, when he warned that “our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems,” perhaps causing mass casualties.  Mr. Obama called anew for legislation to protect critical infrastructure, which was killed last year by a Republican filibuster after intensive lobbying by the Chamber of Commerce and other business groups.

But the security breach of Telvent, which the Chinese government has denied, also raises questions of whether those fears — the subject of weekly research group reports, testimony and Congressional studies — may be somewhat overblown, or whether the precise nature of the threat has been misunderstood.

American intelligence officials believe that the greater danger to the nation’s infrastructure may not even be China, but Iran, because of its avowal to retaliate for the Stuxnet virus created by the United States and Israel and unleashed on one of its nuclear sites.  But for now, these officials say, that threat is limited by gaps in Iranian technical skills.

There is no doubt that attacks of all kinds are on the rise.  The Department of Homeland Security has been responding to intrusions on oil pipelines and electric power organizations at “an alarming rate,” according to an agency report last December.  Some 198 attacks on the nation’s critical infrastructure systems were reported to the agency last year, a 52 percent increase from the number of attacks in 2011.

Researchers at McAfee, a security firm, discovered in 2011 that five multinational oil and gas companies had been attacked by Chinese hackers.  The researchers suspected that the Chinese hacking campaign, which they called Night Dragon, had affected more than a dozen companies in the energy industry.  More recently, the Department of Energy confirmed in January that its network had been infiltrated, though it has said little about what damage, if any, was done.

But security researchers say that the majority of those attacks were as ambiguous as the Telvent case.  They appeared to be more about cyberespionage, intended to bolster the Chinese economy.  If the goal was to blow up a pipeline or take down the United States power grid, the attacks would likely have been of a different nature.

In a recent report, Critical Intelligence, an Idaho Falls security company, said that several cyberattacks by “Chinese adversaries” against North American energy firms seemed intended to steal fracking technologies, reflecting fears by the Chinese government that the shale energy revolution will tip the global energy balance back in America’s favor.  “These facts are likely a significant motivation behind the wave of sophisticated attacks affecting firms that operate in natural gas, as well as industries that rely on natural gas as an input, including petrochemicals and steel-making,” the Critical Intelligence report said, adding that the attack on Telvent, and “numerous” North American pipeline operators may be related.

American intelligence experts believe that the primary reason China is deterred from conducting an attack on infrastructure in the United States is the simple economic fact that anything that hurts America’s financial markets or transportation systems would also have consequences for its own economy.

COMMENT:  The REASON for hacking U.S. systems is in reality irrelevant.  The ABILITY to hack our systems is, or should be, the point.  Hacking methods used for economic reasons can be used for more destructive reasons.

Monday, February 25, 2013

CYBERSECURITY - Social Networking Hacking

"Twitter Hackings Put Focus on Security for Brands" by TANZINA VEGA and NICOLE PERLROTH, New York Times 2/24/2013

Excerpt

While most Americans were winding up their holiday weekends last Monday, the phones at the Vancouver headquarters of HootSuite, a social media management company, began to ring.

Burger King’s Twitter account had just been hacked.  The company’s logo had been replaced by a McDonald’s logo, and rogue announcements began to appear.  One was that Burger King had been sold to a competitor; other posts were unprintable.

“Every time this happens, our sales phone lines light up,” said Ryan Holmes, the chief executive of HootSuite, which provides management and security tools for Twitter accounts, including the ability to prevent someone from gaining access to an account.  “For big brands, this is a huge liability,” he said, referring to the potential for being hacked.

What happened to Burger King — and, a day later, to Jeep — is every brand manager’s nightmare.  While many social media platforms began as a way for ordinary users to share vacation photos and status updates, they have now evolved into major advertising vehicles for brands, which can set up accounts free but have to pay for more sophisticated advertising products.

Burger King and Jeep, owned by Chrysler, are not alone.  Other prominent accounts have fallen victim to hacking, including those for NBC News, USA Today, Donald J. Trump, the Westboro Baptist Church and even the “hacktivist” group Anonymous.

Those episodes raised questions about the security of social media passwords and the ease of gaining access to brand-name accounts.  Logging on to Twitter is the same process for a company as for a consumer, requiring just a user name and one password.

Twitter, like Facebook, has steadily introduced a number of paid advertising options, raising the stakes for advertisers.  Brands that pay to advertise on Twitter are assigned a sales representative to help them manage their accounts, but they are not given any more layers of security than those for a typical user.

Ian Schafer, the founder and chief executive of Deep Focus, a digital advertising company that also fielded a few phone calls from clients concerned about the Burger King attack, argued that Twitter bore some responsibility.

“I think Twitter needs to step up its game in providing better security,” Mr. Schafer said.  In a memo to his staff about such attacks, he called on social networks like Facebook, Twitter, Pinterest “and anyone else serious about having brands on their platform” to “invest time in better understanding how brands operate day to day.”

“It’s also time for these platforms to use their influence to shape security standards on the Web,” he wrote.

The risk for Twitter is in offending potential business partners as the company tries to build its advertising dollars, which make up the bulk of its revenue.  In 2012, the company grew more than 100 percent, earning $288.3 million in global advertising revenue, according to eMarketer.

On Wednesday, it introduced a product that would allow advertisers to create and manage ads through third parties like HootSuite, Adobe and Salesforce.com.  Advertising is estimated to account for more than 90 percent of the company’s revenue.

“This is not something we take lightly,” said Jim Prosser, a Twitter spokesman, in an interview last month.  (The company declined to comment on the Burger King hacking, saying it did not discuss specific accounts.)  Mr. Prosser said Twitter had manual and automatic controls in place to identify malicious content and fake accounts, but acknowledged that the practice was more art than science.

Mr. Prosser said Twitter had taken an active role in combating the biggest sources of malicious content.

Last year, the company sued those responsible for five of the most-used spamming tools on the site.  “With this suit, we’re going straight to the source,” it said in a statement.  “We hope the suit acts as a deterrent to other spammers, demonstrating the strength of our commitment to keep them off Twitter.”

But security experts say, and the recent hacks of Burger King, Jeep and other brands have demonstrated, that Twitter could do more.

“Twitter and other social media accounts are like catnip for script kiddies, hacktivists and serious cybercriminals alike,” said Mark Risher, chief executive at Impermium, a Silicon Valley start-up that aims to clean up social networks.  “Because of their deliberately easy access and liberal content policies, accounts on these networks prove irresistibly tempting.”

Wednesday, February 13, 2013

CYBERSECURITY - Executive Orders vs CISPA

"Obama's Cybersecurity Executive Order vs. CISPA: Which Approach Is Best?" by Chloe Albanesius, PCMag.com 2/13/2013

As part of his State of the Union speech last night, President Obama tipped an executive order that is intended to improve the security of Internet-based critical infrastructure.  But what does that order include?

Obama's plan would allow federal agencies to notify private companies if they detect any sort of cyber intrusion that would harm operations or the security of company data.

Specifically, the plan expands the Defense Industrial Base (DIB) information-sharing program to other federal agencies.  The DIB was put in place in 2011 and allows the Defense and Homeland Security Departments to share non-classified information about cybersecurity-related threats with DIB partner companies, like contractors.

But as we've seen with hacks of the Federal Reserve and the Department of Energy, defense-related agencies are not the only ones being targeted by hackers.  So the executive order "requires Federal agencies to produce unclassified reports of threats to U.S. companies and requires the reports to be shared in a timely manner," the White House said.  It also allows for "near real-time sharing of cyber threat information to assist participating critical infrastructure companies in their cyber protection efforts."

Obama has also ordered the National Institute of Standards and Technology (NIST) to develop a framework for handling cyber-security threats.  "NIST will work collaboratively with industry to develop the framework, relying on existing international standards, practices, and procedures that have proven to be effective," the White House said.

Given the rapid pace of technology, the recommendations will be technology neutral, the administration said.  Once they've been developed, DHS will work with other agencies to reach out to companies for voluntary implementation of the framework.

While sharing details about cyber attacks might seem like a no brainer, a major concern is how the data is handled.  If these threats deal with a credit card company or major social network, will your personal information be protected?

The White House insisted that the executive order includes "strong privacy and civil liberties protections."  Any type of information sharing will be based on the Fair Information Practice Principles (FIPP), a set of information-sharing principles developed by the FTC, as well as other applicable privacy and civil liberties policies, principles, and frameworks.

"Agencies will conduct regular assessments of privacy and civil liberties impacts of their activities and such assessments will be made public," the White House said.

Executive Order vs. CISPA

Last night, Obama called on Congress to do even more on cyber security.  Two members of the House, in fact, plan to re-introduce the controversial CISPA information-sharing bill today, but it has not secured the support of the White House.  A bill backed by the administration was introduced in the Senate last year, but did not make any major headway.

The main difference between the White House executive order and CISPA is that CISPA would allow private companies (like Facebook or Google) to share details about cyber attacks with the government, whereas the executive order is a one-way street, with the feds sharing information with the private sector.  CISPA opponents were concerned about immunity clauses that they said would incentivize companies to hand over customer information without hesitation.

As a result, the White House threatened to veto CISPA if it made it to President Obama's desk.  The White House Office of Management and Budget (OMB) released a statement that said the bill "departs from longstanding efforts to treat the Internet and cyberspace as civilian spheres."

In a statement last night, the ACLU issued its support for the executive order and warned against CISPA.  "The president's executive order rightly focuses on cybersecurity solutions that don't negatively impact civil liberties," said ACLU Legislative Counsel Michelle Richardson.  "For example, greasing the wheels of information sharing from the government to the private sector is a privacy-neutral way to distribute critical cyber information."

Broadband trade association USTelecom said the executive order "takes some important steps toward achieving policy goals that will help protect our nation from harmful threats," but said the issue should ultimately be handled by Congress - via bills like CISPA.

Monday, February 4, 2013

GAMING BUSINESS - From Valve Co-Founder

"Watch Gabe Newell Talk For An Hour About Making Video Games" by Kirk Hamilton, Kotaku 1/31/2013

Earlier this week, Valve co-founder Gabe Newell gave a talk at University of Texas at Austin about the business and art of making video games.  Today, the school has posted a full video of one of the talks.

Sit back, relax, and watch one of gaming's visionaries talk about how he does what he does, and how his company operates.

(1:02:53)

COMMENT:  When Steam first 'hit the streets' back when Half-Life came out, I and many others, ranted about it.  That was because you actually had to be online to run a Steam game EVEN FOR SINGLE-PLAYER games.

Finally, Valve/Steam listened to what users were saying and Steam now has an Off-Line Mode.  So we can play Steam games WITHOUT being online.

Friday, February 1, 2013

CYBERWAR - New York Times Hacked by China

"New York Times Computer System Target of Lengthy Chinese Hacking Attack" PBS Newshour 1/31/2013

Excerpt

SUMMARY:  The New York Times fell victim to a four-month cyber attack by Chinese hackers who cracked passwords to more than 50 email accounts, including those of top reporters.  Ray Suarez talks with Times reporter Nicole Perlroth and Grady Summers, vice president of the cyber security company hired to investigate the attacks.

Friday, January 11, 2013

DRIVERS - Things That Can Happen When Upgrading

This is about what potential glitches can happen when upgrading drivers.

For reference, my desktop system:
  • WinXP SP3
  • Pentium 4 Hyper Threading 3 GHz CPU (near Dual Core performance)
  • nVidia GeForce 7900 GS 512mb RAM
  • 2 Gig RAM

I have 3 specific examples of what can happen with driver upgrades; these are games:
  1. One of my favorite game series is "Thief" which is a stealth RPG.

    I loaded this series on an older system and had no problems. But when I upgraded my motherboard to what I have now (with P4 HT) the game had occasional crashes. Suspect the faster CPU speed was the problem.

    When I upgraded my nVidia drivers to the 300+, the game had constant crashes.

  2. Next is the original Splinter Cell series (first 3 games).

    On my present system, with nVidia drivers 200+, there was only a minor rendering problem. The second game had a scene where spotlights are sweeping the area. Originally you could actually see the spotlight beams, but with the nVidia 200+ drivers you could NOT see the beams.

    After upgrading to nVidia 300+ drivers, very frequent crashes.

  3. Then there is the original Far Cry (aka Far Cry 1).

    Had no problems with the game until I upgraded to nVidia 300+ drivers. In scenes with outdoor views there were areas that were transparent. You see the sky where land should be.

Because of these issues I had to uninstall these games (sigh).

The problem in all these examples is the interface of the game engines with hardware and video drivers. Most of the problems were reported by other gamers. Also, I did try various tweaks to try to fix.

My research into tweaks for Far Cry 1 made me aware of something. The tweak guide had a detailed listing of configuration entries that could be manually edited. BUT when I used nVidia Inspector to look at the calls for my card, many of the calls listed in the tweak guide were NOT there.

NOTE: nVidia Inspector latest version is 1.9.6.8. Use Google to find download, I use the Major Geeks site. Also the ZIP file is the entire utility, you make a folder and put all the files there then create a shortcut to run the EXE.

This tells me that nVidia drivers MAY not be fully backwards compatible. Newer drivers may not have older function calls.

This means that game engines that have hard-coded calls to specific functions MAY not work with newer video drivers.

Note that my system has no problems with 'newer' games like Skyrim or Far Cry 2.

This is just a reminder that upgrading drivers is not always smooth.

Wednesday, December 12, 2012

INTERNET - Child Protection From Apps Gathering Data

"How to Protect Against the Dangers of Mobile Apps That Gather Kids' Data" PBS Newshour 12/11/2012

Excerpt

RAY SUAREZ (Newshour): ...... new worries over the mobile apps kids are using, and what the apps disclose about their users.

It seems like everyone has them, the ubiquitous applications, apps, for short, on smartphones and tablets, including everything from instructive or educational materials to games.

Children of all ages, armed with these devices, are using apps and raising concerns over privacy.

The Federal Trade Commission is now investigating whether companies that make apps are violating the privacy rights of children by collecting personal data from mobile devices and sharing it with advertisers and databanks. These types of apps can detail a child's physical location or phone numbers of their friends, along with other information.

Yesterday, the FTC issued a new report documenting those concerns. It found, among 400 apps designed for kids, most failed to inform parents about the types of data that could be gathered and who would access it.

Thursday, November 15, 2012

SECURITY - NASA Security Breach

"Stolen NASA Laptop Had Unencrypted Employee Data" by Mathew J. Schwartz, Information Week 11/15/2012

NASA is warning all employees and contractors that their personal information may have been compromised after a thief stole a NASA laptop and documents from an agency employee's locked car.

"On October 31, 2012, a NASA laptop and official NASA documents issued to a headquarters employee were stolen from the employee's locked vehicle. The laptop contained records of sensitive personally identifiable information (PII) for a large number of NASA employees, contractors and others," said Richard J. Keegan Jr., associate deputy administrator of NASA, in a notice sent to all employees.

The data on the laptop wasn't encrypted. "Although the laptop was password protected, it did not have whole disk encryption software, which means the information on the laptop could be accessible to unauthorized individuals," he said.

NASA doesn't yet know the full extent of the breach, presumably because the agency is still attempting to reconstruct and study everything that was on the stolen laptop. "Because of the amount of information that must be reviewed and validated electronically and manually, it may take up to 60 days for all individuals impacted by this breach to be identified and contacted," said Keegan.

In addition to now implementing full-disk encryption software for NASA laptops, Keegan said NASA will pay ID Experts to notify people who've been affected by the breach, and to provide identity theft and credit monitoring services. Anyone affected will be notified about the breach via a written, mailed letter -- but not by email or phone, he said.

Given the continuing increase in the number of data breaches affecting organizations, and the accompanying costs of notifying affected people and cleaning up the mess, surely technology-savvy NASA would have already required that all agency laptops be secured using full-disk encryption software?

In fact, that hasn't been the case, apparently owing to user resistance. An IT executive at Goddard Space Flight Center, for example, said that the facility recently implemented data-at-rest encryption on PCs. But some users aren't fans of the software, which they said interfered with some of the tools on their PCs.

In the wake of this breach, however, NASA administrator Charles F. Bolden Jr. and CIO Linda Cureton have ordered that "no NASA-issued laptops containing sensitive information can be removed from a NASA facility unless whole disk encryption software is enabled or the sensitive files are individually encrypted," said Keegan. "This applies to laptops containing PII, international traffic in arms regulations (ITAR) and export administration regulations (EAR) data, procurement and human resources information, and other sensitive but unclassified (SBU) data."

NASA facility CIOs have been ordered to add or enable encryption capabilities for the maximum number of laptops by November 21, 2012. By December 21, 2012, all laptops that leave NASA facilities must have encryption capabilities. In the meantime, employees who are telecommunicating or traveling "should use loaner laptops if their NASA-issued laptop contains unencrypted sensitive information," according to Keegan's communication.

Cureton's office will also review whether any further agency security policies need to be revised to help prevent future data breaches stemming from lost or stolen laptops.

A NASA spokeswoman didn't immediately respond to an emailed request for comment about what type of full-disk or file encryption technology the agency would be using, whether it planned to train all employees to determine what qualifies as "sensitive information" that must be encrypted -- or whether employees' compliance with the new policies would be monitored and enforced.

Monday, November 12, 2012

CYBERSECURITY - Chevron Infected by Stuxnet

"'The Worm Turns' As Chevron 'Infected' By Stuxnet Collateral Damage" by Tyler Durden, Zero Hedge 11/10/2012

"I don't think the US government even realized how far it had spread" is how the collateral damage from the Iran-attacking Stuxnet computer virus is described by Chevron. The sleepy San-Ramon-based oil giant admitted this week that from 2010 on "we're finding it in our systems and so are other companies... so now we have to deal with it." It would seem that little consideration for just how viral this cyber warfare tactic has become and this news (reported by Russia Today) is the first time a US company has come clean about the accidental infection. Discovered in 2010, the Stuxnet worm was reported with all but certainty to be the creation of the United States, perhaps with the assistance of Israel, to set back Iran’s nuclear enrichment program as a preemptive measure against an eventual war. In a June 2012 article published by The New York Times, government agents with direct knowledge of Stuxnet claimed that first President George W. Bush, then Barack Obama, oversaw the deployment of the worm as part of a well-crafted cyberassault on Iran. On the record, the federal government maintains ignorance on the subject of Stuxnet, but perhaps Chevron sums up the impact of Stuxnet best (given the escalating Iranian enrichment program): "I think the downside of what they did is going to be far worse than what they actually accomplished."

Via Russia Today:

America’s cyberwar is already seeing collateral damage, and it’s hitting the country’s own billion-dollar companies. Oil giants Chevron say the Stuxnet computer virus made by the US to target Iran infected their systems as well.

California-based Chevron, a Fortune 500 company that’s among the biggest corporations in the world, admits this week that they discovered the Stuxnet worm on their systems back in 2010. Up until now, Chevron managed to make their finding a well-kept secret, and their disclosure published by the Wall Street Journal on Thursday marks the first time a US company has come clean about being infected by the virus intended for Iran’s nuclear enrichment program. Mark Koelmel of the company’s earth sciences department says that they are likely to not be the last, though.

“We’re finding it in our systems and so are other companies,” says Koelmel. “So now we have to deal with this.”

Koelmel claims that the virus did not have any adverse effects on his company, which generated a quarter of a trillion dollars in revenue during 2011. As soon as Chevron identified the infection, it was taken care of immediately, he says. Other accidental targets might not be so lucky though, and the computer worm’s complex coding means it might be a while before anyone else becomes aware of the damage.

“I don’t think the US government even realized how far it had spread,” Koelmel adds.

Discovered in 2010, the Stuxnet worm was reported with all but certainty to be the creation of the United States, perhaps with the assistance of Israel, to set back Iran’s nuclear enrichment program as a preemptive measure against an eventual war. Only as recently as this June, however, American officials with direct knowledge of the worm went public with Uncle Sam’s involvement.

In a June 2012 article published by The New York Times, government agents with direct knowledge of Stuxnet claimed that first President George W. Bush, then Barack Obama, oversaw the deployment of the worm as part of a well-crafted cyberassault on Iran. Coupled with another malicious program named Flame and perhaps many more, Stuxnet was waged against Iran as part of an initiative given the codename “Olympic Games.” Rather than solely stealing intelligence through use of computer coding, the endeavor was believed to be the first cyberattack that intended to cause actual hard damage.

“Previous cyberattacks had effects limited to other computers,” Michael Hayden, the former chief of the CIA, explained to the Times earlier this year. “This is the first attack of a major nature in which a cyberattack was used to effect physical destruction.”

On the record, the federal government maintains ignorance on the subject of Stuxnet. With American companies perhaps soon coming out of the woodwork to discuss how they were hit, though, the White House may have to finally admit that they’ve had direct involvement.

After the Times published their expose in June, Senator Dianne Feinstein, chairwoman of the Intelligence Committee, called for an investigation to track down how the media was first made aware of America’s involvement in Olympic Games.

"I am deeply disturbed by the continuing leaks of classified information to the media, most recently regarding alleged cyber efforts targeting Iran's nuclear program,” Feinstein said through a statement at the time. “I made it clear that disclosures of this type endanger American lives and undermine America's national security."

When Feinstein spoke to DC’s The Hill newspaper, she said, "the leak about the attack on Iran's nuclear program could 'to some extent' provide justification for copycat attacks against the United States." According to the chairwoman, "This is like an avalanche. It is very detrimental and, candidly, I found it very concerning. There's no question that this kind of thing hurts our country."

Just last month, a shadowy Iranian-based hacking group called The Qassam Cyber Fighters took credit for launching a cyberattack on the servers of Capital One Financial Corp. and BB&T Corp., two of the biggest names in the American banking industry. Days earlier, Google informed some of its American users that they may be targeted in a state-sponsored cyberattack from abroad, and computer experts insist that these assaults will only intensify over time.

“We absolutely have seen more activity from the Middle East, and in particular Iran has been increasingly active as they build up their cyber capabilities,” CrowdStrike Security President George Kurtz told the Times.

Speaking of the accidental impact Stuxnet could soon have in the US, Chevron’s Koelmel tells the Journal, "I think the downside of what they did is going to be far worse than what they actually accomplished.”

Friday, November 9, 2012

Monday, October 29, 2012

WINDOWS - Microsoft's Shift Towards Tablets

"With Windows 8, Microsoft Makes Big Shift Away From PCs Towards Tablets" PBS Newshour 10/26/2012

Excerpt

SUMMARY: Microsoft has revealed its biggest makeover so far to the operating system found on nine out of every 10 computers in the world. Ray Suarez talks to Forrester Research's Charles Golvin about how Microsoft's decision to focus on tablet-style computers will impact consumers and the greater tech industry.

JUDY WOODRUFF (Newshour): For more than two decades, Microsoft has been a dominant force in the worlds of business and technology. But its position has been challenged and, in some ways, surpassed by Apple, Google and others in recent years. Some question its ability to innovate.

Now Microsoft is facing a pivotal moment and a crucial test, as Ray Suarez reports.

Friday, October 19, 2012

CYBER SECURITY - Attacks on U.S. Banks

"Could the U.S. Face 'Cyber Pearl Harbor'? Protecting Banks from Hacker Attacks" PBS Newshour 10/18/2012

Excerpt

MARGARET WARNER (Newshour): We turn to a new cyber campaign against American banking giants and growing worries about what they might foreshadow. It began late last month and continues to this day.

Two more U.S. banks are the latest targets in the spate of cyber-hits on American financial institutions. This week, Capital One and BB&T suffered disruptions on their websites, leaving customers without access to their accounts.

A group calling itself the Qassam Cyber Fighters claimed responsibility and said the attacks are retaliation for an anti-Muslim video. But some U.S. officials, like Connecticut Senator Joe Lieberman, blame the recent uptick of attacks on Iran and its elite security force.

He spoke last month on C-SPAN.

SEN. JOSEPH LIEBERMAN, I-Conn.: I think that this was done by Iran and the Quds Force, which has its own developing cyber-attack capacity, and I believe it was a response to the increasingly strong economic sanctions.

MARGARET WARNER: Also blamed on Iran, recent hits on Saudi Arabia's state oil company, Aramco and Qatar's natural gas producer, RasGas, that disabled 30,000 computers entirely.

And Defense Secretary Leon Panetta warned last week that the threat to America's vital infrastructure throughout is rising.

Monday, September 17, 2012

WINDOWS - A Better Start Menu

This post is about my suggestion on a way for users to have a better Start Menu in Windows.

To summarize, instead of having all applications listed under [Programs] in the Start Menu (WinXP), have categories of applications. Here's my Start Menu:



As you can see, I have expanded to my [Games], [Adventure & RPG] category.

How did I do this? Edit the Start Menu folder:


In my opinion, this type of Start Menu is much simpler to navigate than dumping everything under [Programs].

Also, the shortcuts in this scheme are only those needed to run the app, or those related and used regularly. (How many times are you actually going to use the "Uninstall" shortcut, so why have it?)

Also, after installing applications and copying the needed shortcuts to my scheme, I move its [Programs] entry to a [Smenu] folder I create in the home-folder of the app so I do not lose what the install created.

You can do this in Windows 7 where Start Menu folder paths are:
  • Win7 User Start Menu:
    C:\Users\profile-name\AppData\Roaming\Microsoft\Windows\Start Menu\
  • Win7 All Users Start Menu:
    C:\ProgramData\Microsoft\Windows\Start Menu\ (normally this is a hidden folder)

Give it a try.

Wednesday, August 15, 2012

INTERNET - Guarding Personal Information

"A Perilous Cyber World: Guarding Personal Information from Hackers and Thieves" PBS Newshour 8/14/2012

Excerpt

JEFFREY BROWN (Newshour): And we begin an occasional series about the way we live ever more of our lives online in the digital age, and some of the risks and rewards connected with this evolution.

In coming segments, we will discuss the connections and disconnections of online life, the differences between engaging online and in the physical world, and what does it mean exactly when a video goes viral.

We begin with a look at just how much of us, our identities, are online, and how vulnerable that can make us.

Mat Honan learned this firsthand recently when he was hacked and lost control of his phone, email and personal computer. He told the tale in "Wired" magazine, where he's a technology writer.

Also joining us is Peter Pachal, who watches this world closely as the technology editor for the Web site Mashable.


As a long-time computer & IT professional, my advice for Laptop and Desktop PCs:

  • The HIGHEST security is NOT to be online unless you need to be, this includes turning off your system when you are not using it
  • Passwords - The old advice about NOT using any part of your name or your wife's or children's, even your pets', applies
  • Passwords - Do NOT use any part of an address where you have lived, worked, or gone to school
  • Passwords - Do NOT use your nickname(s)
  • Passwords - Do NOT use birthday dates; neither yours nor your family's (not even if you reverse or scramble, more later)
  • Passwords - DO have one Master Password that is for very limited use, examples: system Administrator Account (NEVER have a blank password for Administrator), access to a password management tool you use, access to your ISP or eMail providers
  • ALWAYS, always run a good Antivirus Utility (and "free" antivirus utilities are NOT good), one that includes protection against rootkits, Trojans, etc, and KEEP THE DEFINITIONS UP-TO-DATE

Here's the 'more later': If you've seen the movie "True Lies" with Arnold Schwarzenegger, there is a scene where one member of the 3-man team (the computer geek) has to hack into information stolen from a target's hard drive. Arny and the other member walk away making a comment that they will come back much later. They are only 5 paces away when the geek says he's in. The password was the target's wife's birth-month, the son's birth-year in reverse, and the daughter's birth-day (or something like that). This is what hackers can do with information that is just out there on record.
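To check your own passwords against the rules above, here is a small self-audit script, added as an example and not part of the original post. It flags passwords that contain personal words (forward or reversed) or whose digits are assembled entirely from family date parts, reversed or not; the household data, the function names and the three test passwords are all constructed for illustration.

```python
from datetime import date
from itertools import chain

# Constructed sample data for a fictional household (not from the post).
SAMPLE_WORDS = ["Maria Lopez", "Buddy", "42 Harbor Lane"]   # names, pet, address
SAMPLE_DATES = [date(1961, 3, 14), date(1989, 7, 22), date(1992, 11, 5)]

def date_fragments(d):
    """Two- and four-digit pieces of one date, forward and reversed."""
    parts = {f"{d.year}", f"{d.year % 100:02d}", f"{d.month:02d}", f"{d.day:02d}"}
    return parts | {p[::-1] for p in parts}

def word_fragments(words, min_len=3):
    """Lower-cased words from names, nicknames and addresses."""
    return {piece for w in words for piece in w.lower().split()
            if len(piece) >= min_len}

def built_from(digits, fragments):
    """True if the whole digit string is a concatenation of known fragments."""
    ok = [True] + [False] * len(digits)
    for end in range(1, len(digits) + 1):
        ok[end] = any(ok[end - len(f)] and digits[end - len(f):end] == f
                      for f in fragments if len(f) <= end)
    return ok[-1]

def audit_password(password, words, dates):
    """List the ways a password breaks the advice (empty list = none found)."""
    reasons = []
    lowered = password.lower()
    for w in sorted(word_fragments(words)):
        if w in lowered or w[::-1] in lowered:
            reasons.append(f"contains personal word '{w}'")
    frags = set(chain.from_iterable(date_fragments(d) for d in dates))
    digits = "".join(c for c in password if c.isdigit())
    if len(digits) >= 4 and built_from(digits, frags):
        reasons.append("digits are built only from family date parts")
    return reasons

if __name__ == "__main__":
    # Month of the first date + reversed year of the second + day of the third.
    for candidate in ("03989105", "Buddy0398", "correct-horse-8246-staple"):
        print(candidate, "->", audit_password(candidate, SAMPLE_WORDS, SAMPLE_DATES) or "no hits")
```

An empty result only means none of these particular patterns were found; it does not make a password strong.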

Sunday, July 29, 2012

LINUX - Ubuntu 12.04 LTS

Well, back to Ubuntu, specifically Ubuntu 12.04 LTS and I installed the GNOME Desktop.

Back when I started with Ubuntu, my laptop came with it pre-installed. I left Ubuntu because they went to the UNITY Desktop.

Well UNITY Desktop sucks, really. Talk about making things hard to find.

Of course Ubuntu 12.04 LTS installs with the UNITY Desktop, but it was very easy to install the GNOME Desktop after I was sure Ubuntu worked.

Ubuntu 12.04 with GNOME Classic Desktop
  1. Got Ubuntu working the first time after install
  2. Got folder sharing working in just a few clicks (incl prompt for SAMBA install and auto setup)
  3. After sharing worked, got my shared-printer (via my WinXP desktop system) in just 3 steps
  4. Installed GNOME Desktop (via Terminal commands) and chose the environment after reboot (at the logon dialog)
  5. Almost forgot, Ubuntu recognized my laptop's camera, the other distributions I tried did not
  6. The other reason for Ubuntu is that it includes built-in Upgrade, you do not have to do a full install 
  7. Found the Synaptiks Touchpad Management utility in the Ubuntu Software Center, which allows you to disable the touchpad when your mouse is connected !!!
So, my laptop is working (so far) flawlessly.

PS - Live and Learn:

There is a warning about installing the GNOME Shell (aka Desktop). Use only one method.

There are many sources to do this, which is the too-many-chefs symptom of open-source software.

  • You CAN install the shell from Ubuntu's Software Center, just search "gnome."
  • Alternate method is go to the source, GNOME. At the bottom of this page is the "click away" link to install GNOME on Ubuntu. 
  • Alternate method (which I used) is to use Terminal commands. The one I recommend is "Installing Gnome 3 on Ubuntu 12.04" article, which uses the GNOME3-Team Repositories. Make sure you get the GNOME Tweak Tool. This method gives you the Environment Select Menu (upper-right icon in logon) shown below. Of course I selected GNOME Classic.