Kaspersky Antivirus Banned From Use On US Federal Networks

President Trump signed into law a bill that bans the Kaspersky Antivirus as well as any other software made by Kaspersky Labs from use in U.S. federal departments, agencies, or organizations. The law applies to any company that is controlled by Kaspersky in any way or in which it has majority ownership.

U.S. Government Bans Kaspersky

Earlier this year, a Wall Street Journal report backed by unnamed U.S. government sources said that hackers working for the Russian government stole documents from an NSA agent. The NSA agent in question took home classified data without permission, and because she was running the Kaspersky antivirus, the report alleged that this is how Kaspersky was able to identify the NSA documents.

Kaspersky has admitted that it identified the NSA files, but as soon as it did, the company deleted the documents its antivirus was able to capture for malware analysis. The antivirus firm also offered to allow independent parties to review its software code.

This response doesn’t seem to have convinced too many in Washington, because after the report, Congress has been scrambling to pass a bill that would ban the antivirus from federal agencies’ networks. The ban of Kaspersky’s software from the federal agencies’ networks was eventually written into the National Defense Authorization Act. The bill will go into effect from the start of 2018.

How It All Started

The whole situation seems to have started when an NSA agent, called Reality Winner, who seems to have been a source for some of The Intercept’s national security stories, took home some classified NSA documents. Kaspersky said that it encountered the documents by mistake, as the files were automatically uploaded to its cloud when the antivirus was scanning Winner’s computer.

This is one issue with cloud-based antivirus software – you have to have a high degree of trust in this type of security software when you’re allowing it to analyze every file you have in your computer and then to upload them to the vendor’s servers. Even Microsoft’s Windows Defender has a cloud component that is enabled by default these days.

The other side of the issue is that if Kaspersky wanted to look clean and not look like it stole the files or that it aided the Russian government to do that, it should have probably alerted the U.S. government about this incident itself.

It’s hard to imagine that wouldn’t have made the U.S. government believe its side of the story more, if the company was the one telling the government about the classified data being leaked by a potential rogue agent. In fact, with Kaspersky protecting multiple U.S. federal networks already, one could argue that was already part of its job.

However, Kaspersky didn’t do that, which makes everyone question the company’s motives and become more inclined to believe the accusations that it was somehow aiding the Russian government in stealing those files.

Dealing With The Aftermath

Regardless of whether or not Kaspersky had any role in Russian hackers obtaining the classified information, it looks like the U.S. government has already made-up its mind about the company, which should impact both Kaspersky’s bottom line as well as its reputation as a trustworthy security solution vendor. The company is now likely going to need to work extra hard to gain its customers’ trust again.

Go to Source

Microsoft Discounts Mixed Reality HMDs By Up To $200, Today Only

Microsoft steeply discounted Windows Mixed Reality headsets from Acer, Dell, HP, and other companies in its online store. A few of the headsets are now sold out, but several remain available for purchase, so now might be the time to take the plunge on Microsoft’s attempt to popularize VR.

Windows Mixed Reality debuted alongside the Windows 10 Fall Creators Update in October. Manufacturers released the platform’s first headsets at the same time, with prices ranging from around $399 to $499. This sale cuts those prices down to $199 for some headsets and $249 for others. Samsung’s Odyssey headset, the priciest of the bunch, is the outlier; it received a mere $50 discount that brought its price down to $449.

It’s not hard to guess why Microsoft decided to run a sale on Windows Mixed Reality headsets so close to their launch. It’s the holiday season, and with all the buzz around VR and falling prices from mainstays like the Oculus Rift and HTC Vive, the company probably wanted to give shoppers more incentive to buy into Windows Mixed Reality. Add in a “12 Days of Deals” promotion and you have a recipe for low-cost headsets.

Demand for these discounted headsets appears to be outpacing supply. Microsoft has already sold out of the Acer Windows Mixed Reality headset and Dell Visor. That leaves just the Lenovo Explorer, HP Windows Mixed Reality headset, and Samsung Odyssey at $199, $249, and $449 each. You might want to act fast; we wouldn’t be surprised to see these headsets sell out shortly after their Acer and Dell brethren did earlier today.

You can learn more about Windows Mixed Reality in our previous coverage of the platform, including how to tell if your system is ready for Microsoft’s stab at VR and how exactly these headsets differ.

Go to Source

Mingis on Tech: Blockchain explained

It’s the most disruptive technology since the arrival of the Internet.

Or maybe it’s the next Linux, an open-source technology that offers great promise, but somehow never seems to make it to the mainstream world.

“It,” in this case, is blockchain – the buzz-worthy distributed ledger technology that first came into widespread use with Bitcoin represents a new paradigm for the way information is shared. FinTech firms are embracing it and a variety of companies are already rushing to figure out how they can use it to save time and admin costs, according to Computerworld Senior Reporter Lucas Mearian.

Mearian sat down for this episode with Executive Editor Ken Mingis to explain what blockchain does, what makes it special, how it might not be as secure as thought, and how it’s already being used. Financial firms rely on it for mobile payments in an ad hoc network in the Pacific region. Maersk uses it to track shipping.

And, as Mearian notes, another company – ShelterZoom – recently created a  blockchain offering to help companies keep track of real estate deals.

That kind of interest helps explain why IBM, SAP, Oracle and others are rushing to create blockchain-as-a-service offerings for customers to use. And it explains why blockchain is likely to grow and evolve rapidly over the next few years, Mearian said.

For the audio-only version, click play (or catch up on all earlier episodes) below. Or you can find us on iTunes, where you can download each episode and listen at your leisure.

Happy listening, and please, send feedback or suggestions for future topics to us. We’d love to hear from you.

Go to Source

Toshiba NAND Sale Moves Forward, WD Cooperates

Toshiba and WD have announced a truce after a year-long legal saga. The disagreements between the two companies began earlier this year when Toshiba announced that it planned to sell off Toshiba Memory Company (TMC), which is the company’s stake in the “Flash Forward” joint NAND manufacturing venture with WD. Toshiba’s failed investments in U.S.-based nuclear initiatives left the company badly in debt and mired in an accounting scandal. Toshiba’s accounting indiscretions placed the company in perilous territory with the Tokyo Stock Exchange, leaving it with no recourse but selling valuable assets.

WD inherited its partnership in the venture when it purchased SanDisk for $19 billion in 2015. Industry analysts initially predicted that WD would purchase the Toshiba Memory Company, thus bringing the entire operation under its umbrella. Much to WD’s chagrin, Toshiba instead opened a bidding process with several suitors. WD immediately filed for arbitration, claiming that, under the terms of the joint venture, Toshiba could not make a unilateral decision to sell off its stake. 

Intense legal action followed with both companies flinging accusations. Toshiba also took steps to prevent WD from investing in its new Fab 6, which threatened to choke WD out of future NAND supply. That’s a particularly alarming position for WD, which has invested heavily in diversifying from its HDD-only business model into a combined flash and HDD powerhouse.

In the interim, Toshiba decided to sell its partnership stake for $18 billion to a consortium led by Bain Capital. The consortium includes industry heavyweights such as Dell EMC and Apple. This decision intensified the ill will between Toshiba and WD largely because the consortium also includes their competitor SK Hynix. WD has severe objections to granting SK Hynix access to the company’s IP, intentional or otherwise. 

The mounting tension between the companies left both in a bad position. If Toshiba effectively locked WD out of investing in future production lines, it could force the company to source NAND elsewhere, thus losing the advantage of vertical integration. For Toshiba, WDs arbitration could drag any plans for the sale out into months, and even years, which wouldn’t allow the company to restructure in time to avoid further regulatory oversight from the Tokyo Stock Exchange. 

The two companies came to terms that allow WD to invest in the new Fab 6 venture, thus assuring its access to future NAND production. The two companies will also participate in another future fab in Iwate, Japan. As such, the companies have extended the Flash Forward agreement to 2027. They extended their other joint venture, Flash Alliance, to 2029. The two companies also agreed to protect mutual assets and IP, thus quashing WD’s concerns about SK Hynix. 

With these conditions in place, WD no longer objects to the sale of Toshiba Memory Company and will drop all pending legal and arbitration action. Of course, Toshiba will do likewise. In the end, the agreement was a foregone conclusion. WD cannot afford to lose access to flash, and Toshiba can’t afford to have the sale delayed further.

The contentious nature of the process highlights the reality of fabricating flash. Each generation of flash becomes more expensive to develop and produce, and the stakes have risen even further in the 3D NAND era. That means that even large companies, like Intel, Micron, Toshiba, and WD, have to forge alliances to spread out the investment. Very few companies have the heft of Samsung, which is the only company left that produces NAND flash as a standalone entity.

Go to Source

Mirai botnet: Three admit creating and running attack tool

A US-based man has pleaded guilty to creating a giant botnet that was used to disrupt access to much of the web in October 2016.

The Mirai malware also caused havoc later last year when it was used to stop people’s internet routers working.

Paras Jha has admitted working with others to infect more than 300,000 devices and using them to carry out distributed denial of service (DDoS) attacks and other criminal activity.

He has yet to be sentenced.

Two other people – Josiah White and Dalton Norman – have also agreed to plead guilty to using the botnet for criminal gain.

The details were revealed in documents filed in May but which have only now been unsealed by an Alaskan court.

Security blogger Brian Krebs has published additional information stating that Jha is 21 years old and from New Jersey, while White is 20 years old and from Washington, Pennsylvania. The two used to run a company that marketed itself as a means to mitigate incoming DDoS attacks.

Media playback is unsupported on your device

According to the plea agreement, Jha admitted writing Mirai’s code in or about July 2016, before working with others to use it to flood targets against whom he had a grudge with internet traffic.

The papers say he has also acknowledged renting the botnet to others for a fee, as well as using it to extort money from internet hosts and others by demanding payment to halt attacks.

White has admitted adding scanning functionality to the code in August, allowing the malware to identify further vulnerable devices to infect.

And in September, New Orleans-based Norman expanded the size of Mirai to more than 300,000 devices by helping the other two men take advantage of vulnerabilities they had not been aware of.

Flaw exposed

In September or October, the documents say, Jha posted Mirai’s code online in an effort to create plausible deniability if his equipment was seized by the police.

The botnet then grew further and was subsequently used against Dyn – a company that effectively provides the internet’s address books, making it possible for users to type in a website address and be connected to the computer servers holding the content they want.

The result was that, for a time, many sites – including Reddit, Twitter, Amazon, Netflix and the BBC – became inaccessible to many visitors.

The three men have not been accused of carrying out this attack themselves.

Over the following months the malware was also used to expose a flaw present in millions of routers, preventing homes and businesses from connecting to the net.

Media playback is unsupported on your device

“Mirai will be seen in future as the first major botnet that used the growing army of the internet of things [IoT],” commented Prof Alan Woodward, a cyber-security expert at Surrey University.

“It demonstrated just how vulnerable many of the cheap, internet-connected devices were to hackers who wanted to co-opt them to conduct massive attacks.

“Derivatives of Mirai live on today, with new IoT devices often targeted to see if a new variant of the botnet can be recreated, presumably to cause an equal amount of disruption.”

Under the terms of the plea, Jha faces up to 10 years in jail.

That includes time for separate attacks he carried out against Rutgers University’s internet network, which he has also admitted, as detailed by the New Jersey Ledger newspaper.

Norman and White both face up to five years in prison.

Go to Source

How to send secure messages and encrypted emails

We explain how to send sensitive information via email and messenger app. How to send secure emails, how to send secure messages.

How to send secure emails

To properly secure email messages you need to encrypt two things: the connection from your email provider, and the email itself. The first stops messages being probed as they send, encrypting the email itself means that any intercept will be foiled.

First we’ll secure the connection between your email provider and your computer. You need to set up Secure Socket Layer (SSL) and Transport Layer Security (TLS) encryption.

If you use the internet to check your email check that SSL/TLS encryption is active. If it is, the website address (URL) will begin with https instead of http. If you don’t see an ‘https’ address type an s at the end of the ‘http’ and press Enter. This will usually prompt your email provider to encrypt your connection.

If you use a desktop email client such as Outlook or Thunderbird, or a smartphone or tablet with an email app, encryption is harder to verify or to set up. Open up the app or software and navigate to the settings menu. Then in the advanced settings near where you can specify the port numbers for incoming and outgoing connections look for an option to activate encryption.

Now we will encrypt individual email messages during transit. This is a lot more involved and will mean both you and your email recipient must do some work ahead of time. It’s probably best to save this for extreme circumstances.

Fortunately you can usually use the built-in encryption features provided by your email service. Failing that you can download encryption software or client add-ons. And if all else fails you can use a web-based encryption email service such as Sendinc or JumbleMe.

Message encryption protocols such as S/MIM and OpenPGP require you to install a security certificate on your computer. You then give trusted contacts a string of characters to use as a key before they can send or receive an encrypted message with you. Likewise, the intended recipients of your encrypted message must install a security certificate on their computer and give you their public key in advance.

Support for the S/MIME standard is built into many email clients, including Microsoft Outlook and Thunderbird. If you use webmail browser add-ons such as Gmail S/MIME for Firefox do the job. To get started, you need to apply for a security certificate from a company such as Comodo.

The OpenPGP (Pretty Good Privacy) email encryption standard has a few variants, including PGP and GNU Privacy Guard (GnuPG). You can find free and commercial software and add-ons, such as Gpg4win or PGP Desktop Email, that support the OpenPGP type of encryption. More here: How to encrypt your email.

How to send secure messages

We are, however, using email less. Instant messaging has become incredibly popular with apps such as WhatsApp offering a free way to send messages across the web. Unfortunately, not all of them keep your messages encrypted. Fortunately, the most popular one around (Whatsapp) does.

It’ll let you send messages to friends and family worldwide using end-to-end encryption, keeping them secure. The only downside? Whatsapp is owned by Facebook, a notoriously data-hungry corporation, and while it insists it doesn’t (and can’t) read users messages, some people are understandably not convinced.

Luckily there are a number of other encrypted messaging apps around that will do just as good a job without any involvement from Mark Zuckerberg. Our colleagues at Techworld have rounded up the best of the bunch, so head there to take a look.

Depending on your needs, one other (and slightly different) option is goTenna Mesh. These portable devices are designed primarily for areas with poor signal, and let you create a mini mesh network to communicate, but use end-to-end encryption on all messages – with no backdoor access, according to the creators. 

Sold in packs of two, four or eight, you simply pair each goTenna to a phone over Bluetooth and can then send encrypted messages (though not voice calls) between devices as long as they’re in range – up to four miles in open terrain, and half a mile or so in busier urban environments. You can also use the devices to create a relay, extending the range with each one.

Obviously this won’t be the ideal solution for everyone, but it could be perfect for people who want to reliably and securely contact friends and family who live near them – or anyone hoping to plan for a visit to a low-signal area, such as a hiking trip or festival weekend. You can buy a pack directly from goTenna.

Go to Source

How to boost your mobile signal

When you live and work in a big city, it’s easy to forget that not everyone in the UK enjoys great mobile coverage. Depending on your mobile provider, some rural areas have little to no coverage at all, so what can you do if you have poor mobile reception at home? Here we outline your options.

Alternatives to a mobile network for calls and texts

Most UK households have fast enough broadband for Wi-Fi calling. There’s really no difference between Skype and what most mobile operators call Wi-Fi calling. It’s simply a phonecall which uses the internet instead of the mobile phone network.

You can check if your provider offers Wi-Fi calling, but it’s also important that your phone does too. If one or both turn out to be incompatible, you could simply use Skype instead. Skype is available for most phones and it’s completely free.

Chances are that the person you want to call already has a Skype account, but if not, it’s quick and easy to create one, install the app, log in and receive (or make) a phone call over Wi-Fi. Skype allows you to call phone numbers as well, for a fee. That’s useful if you have poor signal but your recipient doesn’t and isn’t willing to install Skype – or it isn’t appropriate to ask them to install it, such as if you’re calling a business or customer service centre.

There are, of course, plenty of alternatives to Skype, such as Whatsapp, Facebook Messenger, Viber, and FaceTime (which works on Apple devices only). So if you already chat with someone using one of those apps, you can also call them over Wi-Fi.

However, you can’t expect the other person to be connected via Wi-Fi at the exact moment you want to call them, which is why all the UK’s main networks offer Wi-Fi calling:

O2 allows owners of certain handsets to make Wi-Fi calls without using a specific app.

EE offers Wi-Fi calling but only to pay monthly customers, and only on certain phones.

It’s pretty much the same situation with Vodafone’s Wi-Fi calling which supports only certain iPhones and Samsung Galaxy phones.

Three offers an app (inTouch) so even those without a phone compatible with Wi-Fi calling can call and text without a mobile signal.

Switch networks

This may sound extreme but if you have a terrible mobile signal at home, why not switch to another provider? It’s very easy to switch, and you can just as easily take your existing number with you by asking your old provider for a PAC. You then give this code to your new provider and they arrange to transfer your number.

But how do you know if another provider will offer a better mobile signal? Well, you can check each provider’s claims for coverage at a particular postcode using their coverage checkers. Each will tell you whether the signal will be good outdoors as well as indoors.

If you’d rather get an independent opinion on how good each operator’s signal is in your area, head to opensignal.com – there’s also mobile apps for Android and iOS.

How to improve mobile signal

How to improve mobile signal

But you don’t have to rely on claims. To make sure you’re happy before you switch, simply request a free pay-as-you-go SIM from a provider and try it out for a month in a spare phone (or even in your main phone). It’s likely to cost around £10 for a month’s use, but this is a small price to pay to fix poor coverage.

Most SIMs are now all-in-one, so you pop out the size you need for your phone. You’ll have to use the SIM’s new phone number for the trial, but at least you will have a very good idea of whether the coverage is significantly better than your old provider or not.

If not, try another provider until you find one with the best signal.

Mobile phone signal boosters

If you find that you can only get reception in one room in the house, or by walking down to the bottom of the garden and standing on a bench, then a signal booster could help.

One way to improve your coverage is to use a mobile signal booster. However, be very careful what you buy. As you’ll find on Ofcom’s website most of the devices you can buy online are actually illegal to use.

You can approach your mobile provider and ask if they will supply (or sell you) a repeater, but we’ve found that unless you’re a customer on a monthly contract, they tend not to be very helpful. If you do end up having to pay for a booster out of your own pocket, they can cost from £70 up to around £350 and there are no guarantees they will solve your problem.

If you do want to go down this route, it’s best to go with the option offered by your network operator rather than buying a box from a third-party. Just because a website is called o2signalbooster.co.uk does not mean it is the official supplier for O2 signal boosters.

Here are the links so you can find out more about the options offered by the four main UK networks:

02 signal booster options – Boostbox for office or home office

EE signal booster options – Signal Box

Three signal booster options – Home Signal

Vodafone signal booster- Sure Signal V3

Some of these devices create a mobile signal by using your home broadband, while others repeat a weak signal.

Depending on your needs, one final (and slightly different) option is goTenna Mesh. These portable devices are designed primarily for hiking but will work anywhere with poor signal, and let you create a mini mesh network to communicate.

Sold in packs of two, four or eight, you simply pair each goTenna to a phone over Bluetooth and can then send encrypted messages (though not voice calls) between devices as long as they’re in range – up to four miles in open terrain, and half a mile or so in busier urban environments. You can also use the devices to create a relay, extending the range with each one.

Obviously this won’t be the ideal solution for everyone with low signal, but it could be perfect for people who want to reliably contact friends and family who live near them in the countryside or other low signal areas – or anyone hoping to plan for a visit to a low-signal area, such as a hiking trip or festival weekend. You can buy a pack directly from goTenna.

Go to Source