flame
Latest
Symantec: work on Stuxnet worm started two years earlier than first thought
Most of us think we know the tale of Stuxnet: it's a possibly government-sponsored worm that played havoc with Iranian centrifuges in 2009, setting back the country's uranium enrichment program without involving any traditional weapons. Researchers at Symantec, however, now claim there's an untold narrative. They've discovered a Stuxnet 0.5 version that may have been in development or active as soon as November 2005, two years before the commonly accepted timeline. It first surfaced on trackers in November 2007, and would have created wider-ranging chaos at Iran's Natanz nuclear facility by closing vital pressure valves instead of using the subtler centrifuge technique. Symantec also noticed that this pre-1.0 malware shares traits with the Flamer code base, putting it in the context of an even larger effort than seen so far. Moreover, it would have required extensive knowledge of the Natanz infrastructure -- this was no casual attack, according to the researchers. While we may never know exactly what prompted the revamp, IAEA evidence suggests that Stuxnet wasn't truly effective until the better-known version came into play. We mostly know that modern cyberwarfare had its fair share of growing pains -- and that it's not as fresh-faced as we assumed.
Kaspersky Labs preps its own OS to guard vital industry against cyberwarfare
Kaspersky Labs' namesake Eugene Kaspersky is worried that widely distributed and potentially state-sponsored malware like Flame and Stuxnet pose dire threats to often lightly protected infrastructure like communication and power plants -- whatever your nationality, it's clearly bad for the civilian population of a given country to suffer even collateral damage from cyberattacks. To minimize future chaos and literally keep the trains running, Kaspersky and his company are expanding their ambitions beyond mere antivirus software to build their own, extra-secure operating system just for large-scale industry. The platform depends on a custom, minimalist core that refuses to run any software that isn't baked in and has no code outside of its main purposes: there'll be no water supply shutdowns after the night watch plays Solitaire from an infected drive. Any information shared from one of these systems should be completely trustworthy, Kaspersky says. He doesn't have details as to when the OS will reach behind-the-scenes hardware, but he stresses that this is definitely not an open-source project: some parts of the OS will always remain confidential to keep ne'er-do-well terrorists (and governments) from undermining the technology we often take for granted.
Security researchers dissect Flame's handling program, find three new viruses 'at large'
It seems Stuxnet and Flame aren't the only out-of-control cyber-weapons roaming around the Middle East. Security researchers from Symantec and Kaspersky have found that the Flame malware had the electronic equivalent of a "handler," a program called NEWSFORYOU, which is also in charge of three further viruses that are code-named SP, SPE and IP. The trio have yet to be analyzed, because although a cache of data has been discovered on a command-and-control server, decoding it has proved "virtually impossible." While both security companies have declined to point a finger as to the viruses' origin, Reuters' sources suggest they're from the United States, while The Washington Post has been told that the project was a joint-enterprise with Israel -- in keeping with the existing narrative that this is the pair behind Stuxnet.
Windows updated with better checking for bad digital certs after Flame malware incident
Having already pushed one patch to servers as part of its response to the recently discovered Flame trojan, Microsoft is making another adjustment on Windows Vista, Windows 7, and Windows Server 2008 machines. A new update going out lets revoked certificates be published and recognized much faster, which would protect against a vulnerability exploited by Flame to fake its way in as a legitimate update. Informationweek has more information on the old OCSP method used to set revocation status, and also points out another vulnerability in XML Core Services the folks in Redmond is warning people of this week and has already released a "fix it" solution for. Hit the source link to get all the details and grab the update, IT types may want to update their firewalls with the new URLs being put into use for the lists.
Flame malware extinguishes itself, Microsoft protects against future burns
The folks behind that nasty Flame trojan that burned its way through the Middle East aren't the kind to brag -- the malware's manufacturers apparently started dousing their own fire last week. According to Symantec reports, several compromised machines retrieved a file named browse32.ocx from Flame controlled servers, which promptly removed all traces of the malware from the infected systems. Although the attackers seem spooked, Microsoft isn't taking any chances, and has issued a fix to its Windows Server Update Services to block future attacks. The update hopes to protect networked machines from a similar attack by requiring HTTPS inspection servers to funnel Windows update traffic through an exception rule, bypassing its inspection. The attackers? "They're trying to cover their tracks in any way they can," Victor Thakur, principal security response manager at Symantec told the LA Times, "They know they're being watched." Check out the source link below for the Symantec's run down of the trojan's retreat.
Stuxnet pinned on US and Israel as an out-of-control creation
Ever since Stuxnet was discovered, most of the accusing fingers have been pointed at the US, Israel or both, whether or not there was any evidence; it was hard to ignore malware that seemed tailor-made for wrecking Iranian centrifuges and slowing down the country's nuclear development. As it turns out, Occam's Razor is in full effect. An exposé from the New York Times matter-of-factly claims that the US and Israel coded Stuxnet as part of a cyberwar op, Olympic Games, and snuck it on to a USB thumb drive that infected computers at the Natanz nuclear facility. The reason we know about the infection at all, insiders say, is that it got out of control: someone modified the code or otherwise got it to spread through an infected PC carried outside, pushing Obama to either double down (which he did) or back off. Despite all its connections, the newspaper couldn't confirm whether or not the new Flame malware attack is another US creation. Tipsters did, however, deny that Flame is part of the Olympic Games push -- raising the possibility that there are other agencies at work. [Image credit: David Holt, Flickr]
Flame malware snoops on PCs across the Middle East, makes Stuxnet look small-time
Much ado was made when security experts found Stuxnet wreaking havoc, but it's looking as though the malware was just a prelude to a much more elaborate attack that's plaguing the Middle East. Flame, a backdoor Windows trojan, doesn't just sniff and steal nearby network traffic info -- it uses your computer's hardware against you. The rogue code nabs phone data over Bluetooth, spreads over USB drives and records conversations from the PC's microphone. If that isn't enough to set even the slightly paranoid on edge, it's also so complex that it has to infect a PC in stages; Flame may have been attacking computers since 2010 without being spotted, and researchers at Kaspersky think it may be a decade before they know just how much damage the code can wreak. No culprit has been pinpointed yet, but a link to the same printer spool vulnerability used by Stuxnet has led researchers to suspect that it may be another instance of a targeted cyberwar attack given that Iran, Syria and a handful of other countries in the region are almost exclusively marked as targets. Even if you live in a 'safe' region, we'd keep an eye out for any suspicious activity knowing that even a fully updated Windows 7 PC can be compromised.
Patch 4.2: Fandral's Flamescythe turns feral cats fiery
Feral druids, rejoice! Majordomo Staghelm turns into a pretty cool-looking flame cat during his encounter in patch 4.2's raid, The Firelands. Druids have been clamoring for Blizzard to in some way or another give feral cat druids that awesome flaming cat form. Well, your hopes and prayers were answered -- Fandral's Flamescythe, a drop from Majordomo Staghelm, will shift you into flame cat form when in cat form as long as it is equipped. This is wonderful news for druids, as more customization is always welcome. Blizzard's design philosophy of You went to the Firelands and came out looking like the Firelands is in full swing. Feral druids went to the Firelands, looked Fandral Staghelm in the eyes, and left with a tangible reward -- a sweet new form. This also paves the way for other items to also change players' forms, much like Deathbringer's Will from Icecrown Citadel in Wrath. The news is already rolling out for the upcoming WoW Patch 4.2! Preview the new Firelands raid, marvel at the new legendary staff, and get the inside scoop on new quest hubs -- plus new Tier 12 armor!
Painting with fire, thanks to a cybernetic glove (video)
Fire: the most primal element. "It's a living thing," Robert De Niro once said, "It breathes, it eats, and it hates. The only way to beat it is to think like it." Unless you're an artist – then you rig up a series of tubes, pump in some kerosene, and connect it to a Power Glove-like control device. Next thing you know, you're "fire painting," making that hateful beast dance and strut for your amusement. "Its burning can be handled by subtle movements of the sensory data glove for tactile formulation of the fiery image," the artist explains, "Thus, the image can be manipulated, yet it constantly escapes control." To know what it's like to summon flame with a flick of your wrist – while sporting a creepy smiley-face welding mask, no less – see the video above.
Flame is the world's most advanced -- and Dutch -- walking robot
Walking robots never cease to amaze, but "Flame" from TU Delft PhD student Daan Hobbelen is what we like to call a mega breakthrough. By mimicking the way that humans actually fall forward when walking, this robot comes insanely close to the real thing. Usually, walking robots are energy-hungry propositions, but this is the first that's both efficient and stable. Inside Flame are seven motors and a balance "organ" loaded with stability algorithms. By measuring each step, the robot adjusts stance width, speed, and gait on the go. In the end, kids, we're looking at the world's most advanced and efficient walking robot. If you want to see this thing in action, head on over the read link where you can download a .wmv.
Rock on with Rocklighter for the iPhone
Stop the presses! We've found the killer app for the iPhone. Forget about serious applications or complicated games-- the only bookmark you need for your new cell phone is right here: Rocklighter.I happened to be at a concert last week, and the lead singer asked everyone not to raise their lighters, but their DSes, PSPs, and cell phones. If you've got an iPhone, now you can show your support for "Free Bird" without bringing out an open flame. Rock on!Thanks, ethan!
O2 Xda Flame to redefine Pocket PC high end?
Call us fickle, but if the rumored specs on this thing are even close to accurate, we're quite ready to put the whole Nokia N97 debacle firmly behind us. In fact, this so-called "Xda Flame" for O2's networks (read: not us poor, smartphone-starved Americans) has us salivating uncontrollably to the point where we're embarrassing ourselves. Skeptical? Check this: a 3G radio (HSDPA, we're guessing), 2GB of internal storage, 802.11b/g, a 2 megapixel cam, surround sound, TV out, and an XScale PXA270 clocked at 520MHz, all paired up to a 3.6-inch VGA (yes, we said VGA) display powered by an NVIDIA GoForce 5500. Breathtaking, is it not? Sounds too good to be true, in fact -- but we should know some time next year when this thing's allegedly lined up to hit store shelves. Now go back to your 8525s, folks, and we'll let you know when you can buy one of these suckers.
Potential PS3 pitfalls parried
Why spend hours trolling dozens of different forum threads to find complaints about the PS3 to refute? Gaming Horizon has done the work for you, responding to ten of the most common PS3 issues discussed on forums around the web. It's one-stop shopping for all your pro- and anti-PS3 arguments!The pro-PS3 responses from three GH editors range from sympathetic to antagonistic to self-deprecating without descending into the sort of fanboy hyperbole that is common on forums. In fact, now that this document exists, we predict that all future forum threads on the topic will be closed and redirected to this calmer, more rational take on the issues. Also, temperatures in hell tomorrow will reach into the single digits and the first annual flying pig competition is predicting a record turnout.
Wii vs. PS3 fanboy war hits You Tube
You may have taken notice of a war in the land of handhelds recently. It turns out the conflict has spilled into next-gen streets (GASP!) as well. In the first, of what we assume will be many more, blows against Sony, You Tube user luigirulesnintendo has put together a video highlighting what he believes to be are the console's stellar attributes and superior capabilities above its more expensive competition. Continue reading to see the embedded video.[Thanks Wii-lover!]
