Get Set For Internet Download Speed Of 1.4 Terabits Per Second


Earlier, tests on faster methods of transmitting data have been conducted using the complex laser technology, but this is the first test conducted in real world conditions, outside the testing labs.

Friday, January 24, 2014 [Original Article]: In what can be termed as the biggest breakthrough in the world of internet, scientists in UK have achieved fastest ever broadband speed of 1.4 terabits per second. This speed is enough to transfer 44 high-definition movies at once.

This test was conducted in London by British Telecom and French networking equipment company Alcatel-Lucent jointly, where they achieved the high speeds of 1.4 terabits per second, or 1,83,501Mbps, on the existing fibre network in London. This breakthrough is of high importance for the internet service providers, as it facilitates sending of greater amount of information through existing broadband infrastructure. All this can happen without costly infrastructure upgrades.

Earlier, tests on faster methods of transmitting data have been conducted using the complex laser technology, but this is the first test conducted in real world conditions, outside the testing labs. This test of fast internet was conducted in October and November last year, on a line from BT Tower in central London and the company’s research campus near Ipswich.

Kevin Drury, optical marketing leader, Alcatel-Lucent, said that this development would reduce the space between lanes on a busy motorway, providing for more lanes of traffic to flow in the same area. In simple terms, this innovation would result in streaming of video via a large, wide lane while accessing standard web pages would need only a small part of the fibre’s capacity.

State-Sponsored Hacking Attacks Targeting Top News Organizations


from the tip-of-the-iceberg dept.
An anonymous reader writes

Security engineers from Google have found that 21 out of the top 25 news organizations have been targeted by cyberattacks that are likely state-sponsored. We’ve heard about some high profile attacks on news sites, but Google actively tracks the countries that are launching these attacks, and even hosts email services for many of the news organizations. ‘Huntley said Chinese hackers recently gained access to a major Western news organization, which he declined to identify, via a fake questionnaire emailed to staff. Most such attacks involve carefully crafted emails carrying malware or directing users to a website crafted to trick them into giving up credentials. Marquis-Boire said that while such attacks were nothing new, their research showed that the number of attacks on media organizations and journalists that went unreported was significantly higher than those made public.’

New variant of Zorenium Bot can infect iOS devices


by paganinip on March 22nd, 2014

Security analysts at SenceCy which are monitoring the advancement of a new Zorenium Bot discovered that it is able to infect also iOS devices.
Security analysts at SenceCy are monitoring the evolution for the Zorenium Bot, a new and unknown malware which has been advertised in the underground since January 2014.

This is the third article in two days of cyber criminal activities against mobile industry, demonstrating the high interest of cybercrime in the exploitation of so powerful and widespread platforms.

Zorenium Bot seems to be an ongoing project, the authors provided new updates this month, probably the most important improvement announced is the ability to infect Apple iOS devices. Apple iOS devices based on version from 5 up to 7 could be infected by the Zorenium Bot, exactly like Linux and Windows based machines.


The cost for the entry-level Zorenium bot is 350 GBP, the price grows up to over 5000GBP if the botnet includes advanced features like the support of P2P communication to C&C, or i2p C&C.

The authors of Zorenium Bot have updated the rootkit to TDL4 (Alureon), a very common rootkit that has been around for several years used in numerous large botnets. Recent versions TDL4 has different advanced capabilities, including the ability to bypass some Windows code-signing requirements.

The security analysts consider the Zorenium Bot very insidious because it still goes undetected by most AV companies.

The Zorenium Bot is an extremely versatile malware, it could be used for surveillance activities thanks formgrabbing and remote monitoring features, for financial frauds thanks the implementation of features of banking Trojan, to run DDoS, instructed as Bot-killing agent, to mine Bitcoin.

Zorenium has been advertised on Pastebin, the full release notes for the latest version of Zorenium bot provided detailed information on malware functionalities.

According to the developers Zorenium bot is still in beta mode, future release could include more features that can make the botnet more resilient.

Pierluigi Paganini

(Security Affairs – Zorenium bot, cybercrime)
Original article>

Malware Attack Infected 25,000 Linux/UNIX Servers

from the sudo-configure-your-stuff-properly dept.
wiredmikey writes


Security researchers from ESET have uncovered a widespread attack campaign that has infected more than 25,000 Linux and UNIX servers around the world. The servers are being hijacked by a backdoor Trojan as part of a campaign the researchers are calling ‘Operation Windigo.’ Once infected, victimized systems are leveraged to steal credentials, redirected web traffic to malicious sites and send as many as 35 million spam messages a day. ‘Windigo has been gathering strength, largely unnoticed by the security community, for more than two and a half years and currently has 10,000 servers under its control,’ said Pierre-Marc Bureau, security intelligence program manager at ESET, in a statement.

There are many misconceptions around Linux security, and attacks are not something only Windows users need to worry about. The main threats facing Linux systems aren’t zero-day vulnerabilities or malware, but things such as Trojanized applications, PHP backdoors, and malicious login attempts over SSH. ESET recommends webmasters and system administrators check their systems to see if they are compromised, and has published a detailed report presenting the findings and instructions on how to remove the malicious code if it is present.

Everything You Wanted To Know About The Linux Kernel

Original article


We demystify the Linux Kernel by bringing forth some features that are common to all versions of Linux OS.

Wednesday, September 25, 2013: Linux Kernel is a piece of code that is common to all versions of Linux. Proper understanding of the Linux kernel allows you to modify the operating system (OS) so as to incorporate support for the features you want. Every Linux kernel comes with these features:


Multiuser – You can not only have multiple user accounts on a Linux system, but can also have multiple users logged in and working on the system simultaneously. Also, the users can arrange their own environments the way they want. It is possible to have user accounts password-protected, so that users can monitor who gets access to their applications and data.

Multitasking – In Linux, it is possible to have several programs running together, which means that you can not only have multiple programs running together, but that the Linux OS can itself have programs running in the background. Majority of these system processes make it feasible for Linux to work as a server with numerous background processes responding to the network for requests to log in to your system, display an Internet page, print a document, or copy a file.

Graphical user interface (X Window System) – The robust framework for working with graphical applications in Linux is dubbed as the X Window System (or simply X). X manages the functions of opening X-based graphical user interface (GUI) applications and showing them on an X server process (the process that controls your screen, mouse, and keyboard).

Hardware support – It is possible to organize support for roughly every type of hardware which can be connected to a pc. You can get support for floppy disk drives, CD-ROMs, removable disks, sound cards, video cards, tape devices, and lots of other things you can think of.

Networking connectivity – Linux provides support for a range of local area network cards to connect your Linux system to a network, modems, and serial devices. Additionally, LAN protocols, including Ethernet -both wired and wireless, all the most admired upper-level networking protocols can be integrated. TCP/IP is the most popular of these protocols is which is used for connecting to the Internet while other protocols, such as IPX and X.25 are also available.

Network servers – Linux provides best networking services to the client computers on the LAN and also to the entire Internet. It offers you a range of software packages to enable you to use Linux as a print server, file server, FTP server, mail server, Web server, news server, or workgroup (DHCP or NIS) server.

Application support – Due to the compatibility with POSIX and various other application programming interfaces (APIs), a large variety of freeware and shareware software is available for Linux. Majority of GNU software from the Free Software Foundation will run in Linux.


U.S. To Give Up Control Over Internet

U.S. to relinquish remaining control over the Internet

By Craig Timberg, Published: March 14

U.S. officials announced plans Friday to relinquish federal government control over the administration of the Internet, a move that pleased international critics but alarmed some business leaders and others who rely on the smooth functioning of the Web.

Pressure to let go of the final vestiges of U.S. authority over the system of Web addresses and domain names that organize the Internet has been building for more than a decade and was supercharged by the backlash last year to revelations about National Security Agency surveillance.

The change would end the long-running contract between the Commerce Department and the Internet Corporation for Assigned Names and Numbers (ICANN), a California-based nonprofit group. That contract is set to expire next year but could be extended if the transition plan is not complete.

“We look forward to ICANN convening stakeholders across the global Internet community to craft an appropriate transition plan,” Lawrence E. Strickling, assistant secretary of commerce for communications and information, said in a statement.

The announcement received a passionate response, with some groups quickly embracing the change and others blasting it.

In a statement, Senate Commerce Committee Chairman John D. Rockefeller IV (D-W.Va.) called the move “consistent with other efforts the U.S. and our allies are making to promote a free and open Internet, and to preserve and advance the current multi-stakeholder model of global Internet governance.”

But former House speaker Newt Gingrich (R-Ga.) tweeted: “What is the global internet community that Obama wants to turn the internet over to? This risks foreign dictatorships defining the internet.”

The practical consequences of the decision were harder to immediately discern, especially with the details of the transition not yet clear. Politically, the move could alleviate rising global concerns that the United States essentially controls the Web and takes advantage of its oversight position to help spy on the rest of the world.

U.S. officials set several conditions and an indeterminate timeline for the transition from federal government authority, saying a new oversight system must be developed and win the trust of crucial stakeholders around the world. An international meeting to discuss the future of Internet is scheduled to start on March 23 in Singapore.

The move’s critics called the decision hasty and politically tinged, and voiced significant doubts about the fitness of ICANN to operate without U.S. oversight and beyond the bounds of U.S. law.

“This is a purely political bone that the U.S. is throwing,” said Garth Bruen, a security fellow at the Digital Citizens Alliance, a Washington-based advocacy group that combats online crime. “ICANN has made a lot of mistakes, and ICANN has not really been a good steward.”

Business groups and some others have long complained that ICANN’s decision-making was dominated by the interests of the industry that sells domain names and whose fees provide the vast majority of ICANN’s revenue. The U.S. government contract was a modest check against such abuses, critics said.

“It’s inconceivable that ICANN can be accountable to the whole world. That’s the equivalent of being accountable to no one,” said Steve DelBianco, executive director of NetChoice, a trade group representing major Internet commerce businesses.

U.S. officials said their decision had nothing to do with the NSA spying revelations and the worldwide controversy they sparked, saying there had been plans since ICANN’s creation in 1998 to eventually migrate it to international control.

“The timing is now right to start this transition both because ICANN as an organization has matured, and international support continues to grow for the multistakeholder model of Internet governance,” Strickling said in a statement.

Although ICANN is based in Southern California, governments worldwide have a say in the group’s decisions through an oversight body. ICANN in 2009 made an “Affirmation of Commitments” to the Commerce Department that covers several key issues.

Fadi Chehade, president of ICANN, disputed many of the complaints about the transition plan and promised an open, inclusive process to find a new international oversight structure for the group.

“Nothing will be done in any way to jeopardize the security and stability of the Internet,” he said.

The United States has long maintained authority over elements of the Internet, which grew from a Defense Department program that started in the 1960s. The relationship between the United States and ICANN has drawn wider international criticism in recent years, in part because big American companies such as Google, Facebook and Microsoft play such a central role in the Internet’s worldwide functioning. The NSA revelations exacerbated those concerns.

Top 10 Web Threats


IT security professionals are on the front lines against web threats. A web threat is anything on the Internet that facilitates cybercrimes, including computer viruses, denial-of-service attacks and malware that target computer networks and devices. Other cybercrimes include cyber stalking, fraud and identity theft, information warfare, and phishing scams, all of which use computer networks and devices to facilitate other crimes. Financial damages, identity theft, loss of confidential information or data, damage to a company’s brand or a person’s reputation, and declining consumer confidence are just some of the risks posed by Web threats.

Web Threats Are Serious Threats

Every individual on every desktop and mobile computing device connected to the Internet is vulnerable to Web threats. Organizations worldwide are more dependent than ever on conducting business through the Internet. That dependence, combined with ever-changing Web threats, means most organizations are at risk every day of losing data, productivity and revenue. The increasing need for protection against the losses caused by Web threats is driving the growth of information systems (IS) security jobs.

Web threats often enter networks without user knowledge. They can also be triggered by clicking on a hyperlink or executable file attachment in a spam email. Once in a system, Web threats spawn variants, creating a chain reaction that spreads through the Web to infect more machines and perform more malicious activities.

Fighting Back Against Cyber Threats With IT Security

IT professionals specializing in IS security work need to stay up-to-date on cyber threats. Typically, they manage known threats from known sources through URL filtering and content inspection solutions. These require frequent updates, but are generally effective. It has become clear in recent years that multi-layered protection is necessary to fully protect consumers and businesses from web threats.

The “layers” referred to include the cloud, the Internet gateway, network servers and individual computers. The multi-layer approach integrates antivirus, anti-phishing, anti-spyware and anti-spam protection with website analysis using multiple techniques, such as source reputation and content clearing.

Top 10 Web Threats

Web threats are more damaging and extensive than ever. Nearly any website can either host malware or send the user to one that does. And infections are more likely to result from a visit to a legitimate website that has been compromised with spyware than from a phony site set up specifically to spread malware.

Last year, IT security firm Symantec released a list of history’s 10 most notorious Web threats:

I Love You (2000): This worm used a friendly phrase to entice users to open it. Ultimately, the Pentagon, CIA and British Parliament’s email systems were shut down in an effort to fight it.
Conficker (2009): Conficker allows its creators to remotely install software on infected machines. Later, it could possibly be used to create a botnet that can be rented out to criminals seeking to steal identities and direct users to online scams and phishing sites.
Melissa (1999): Named for the exotic dancer its creator was obsessed with, this virus kicked off a long period of high-profile threats between 1999 and 2005.
Slammer (2003): A fast-moving, aggressive worm, Slammer brought much of the Internet down in January, 2003.
Nimda (2001): This mass-mailing worm uses multiple methods to spread itself and became the Internet’s most widespread worm in 22 minutes. Its name is “admin” in reverse.
Code Red (2001): Websites with the Code Red worm were defaced by the phrase “Hacked By Chinese!”
Blaster (2003): The Blaster worm launched a denial of service attack against Microsoft’s Windows Update website.
Sasser (2004): Capable of spreading without user intervention, Sasser caused Delta Airlines to cancel some of its flights.
Storm (2007): Another worm directed at Microsoft, it was observed sending almost 1,800 emails from a single machine in a five-minute period.
Morris (1988): An old worm that remains famous and allows current worms to exist, Morris was created innocently in an attempt to gauge the size of the Internet.
Top Trends in Cyber Threats

Hackers and cyber thieves are continuously launching new Web threats – often tied to newsworthy events:
In December, 2010, supporters of the website WikiLeaks protested against MasterCard and Swiss bank PostFinance’s disruption of funding to the site by attacking their websites. The hackers, dubbed Anon_Operation, said they had brought down with denial of service attacks.
In June, 2010, spammers and scammers took advantage of national interest in the FIFA World Cup in South Africa to release spam, scams, advance-fee “419” fraud and malware attacks.
The average rate for malware in email traffic in 2010 was one in 284.2 emails, according to Symantec’s MessageLabs Intelligence2010 Annual Security Report. There was a substantial increase in the number of different malware strains blocked, due largely to the growth in polymorphic malware variants that allow a new version of the code to be generated quickly and easily, according to the report.
Two of the greatest challenges for IT security professionals are protecting an increasingly mobile workforce and the business world’s skyrocketing use of social media tools – which cyber criminals have recognized as a new means to conduct illegal activity and inflict harm.
Increasing broadband availability, combined with more users without computer security awareness gaining Internet access, is leading to high rates of malware infection in additional areas like East Africa.
Symantec predicts that in 2011, botnet controllers will begin hiding commands in plain view – within images or music files shared through file sharing or social networking sites.
IS Security Job Descriptions

The new and unknown Web threats designed to adapt to traditional methods and avoid detection keep IS security professionals on their toes. Their main responsibility is to analyze systems to prevent security breaches, loss of revenue and harm to brands, and protect confidential data.

Overview of IT Security Careers

IS security jobs can be found in organizations in the private, public and government sectors, worldwide. Employers need the skills and knowledge that experienced professionals bring. With advanced training and industry certification, you can pursue a career as an IS security engineer, IT security consultant or IS security manager. Additional experience and training can lead to executive IT security jobs like chief IT officer, director of information technology, senior IS security analyst, chief IS security officer, and IS security director.

IT security professionals are responsible for creating different methods to protect an organization against spyware and malware, while keeping Internet bandwidth available for business needs. They must also guard against employees’ improper Internet use, like visiting infected websites, and prevent loss of confidential information and data.

Different responsibilities come with varying levels of responsibility on the IS security career path. In mid-level positions like IS security engineer and IS security manager, job descriptions typically include duties like performing security design reviews, code audits and black box testing. They may also develop product specifications, plans, schedules and other written correspondence. Higher-level executives such as chief technology officers, IS security directors and chief information officers lead an organization’s IS security strategy, planning and supervisory activities, and directing an information systems security or information technology department.

IT Security Potential Salary

The U.S. Bureau of Labor Statistics (BLS) data from May, 2009 indicate computer and information systems managers earned average salaries of $120,640. Those in the 75th percentile earned around $143,590 per year, while the top 10% earned upwards of $166,400 annually. and records for December 2010 showed that IT and IS security managers, directors and executives had an annual base income in the following ranges:

IS Security Position Median Annual Base Pay. 90th Percentile
IS Security Manager $101,633 $128,405
IT Security Director $111,379 $146,286
Information Security Director $133,790 $161,060
Information Technology Dir. $160,390 $206,452
Chief Information Security Off. $161,961 $224,359
Chief Information Tech Off $227,837 $330,577
IS Security Job Education and Training: Learn to Fight Cyber Threats

IT and finance professionals, project managers and business professionals from a variety of backgrounds are affected by web threats. Those interested in pursuing a career in IS security should consider acquiring the in-demand information security skills and certification that today’s top employers require.

Landing an IS security job typically requires at least a bachelor’s degree, specialized IS security training and recognized credentials such as the Certified Information Systems Security Professional (CISSP ®) or Systems Security Certified Practitioner (SSCP®) certification through (ISC)2® or CompTIA (Computing Technology Industry Association) Security+™ certification. To develop these critical skills and prepare for certification exams, many professionals enroll in continuing professional education – such as the Master Certificate in Information Security programs offered 100% online by Villanova University.

Original article

Verizon Shares Glimpse Into Upcoming 2014 Data Breach Investigations Report

Kelly Jackson Higgins

Breach data for upcoming Verizon report comes from some 50 contributing organizations from 95 nations, including Eastern European and Latin American CERTs

Original article:

RSA CONFERENCE 2014 – San Francisco — A decade of breach data gathered by Verizon for its Data Breach Investigations Report shows that the bad guys are winning when it comes to the efficiency of hacking into their victims’ systems, executives from the company said here this week.

Wade Baker, managing principal of RISK Intelligence for Verizon and one of the main authors of the company’s renowned annual breach report, gave a little sneak peek here at some of the findings of the upcoming 2014 DBIR, due this spring. Baker says in three-fourths of the cases, it takes attackers days or less to compromise their target, while one-fourth of the time, victim organizations discover the attack in days or less.

“Attackers are getting quicker at compromising systems over the past 10 years,” Baker said. “Less than 25 percent of good guys discovered these incidents in days or less. This is not a good situation … The bad guys are winning at a faster rate than the good guys are winning.”

[Verizon Data Breach Investigations Report 2013 says financial cybercrime accounting for three-fourths of real-world breaches, followed by cyberespionage in one-fifth of breaches. See No ‘One Size Fits All’ In Data Breaches, New Verizon Report Finds.]

This year’s DBIR draws from 50 different contributing organizations from 95 different countries, including the U.S. Secret Service, the Poland CERT, and Latin American CERTs. That’s a big jump from the 19 contributors representing 27 countries in the 2013 Verizon DBIR.

Bryan Sartin, director of Verizon’s RISK Team, said incident detection is the underlying problem with the delayed awareness and reaction of victim organizations to attacks. Verizon in its report last year said most intrusions go undiscovered for seven months on average. “Victims don’t even find out on their own. They are finding out from someone else,” Sartin said. “Clearly, [what] has to change is detection — the inability of victims to recognize and react to indicators of a cyberattack before it ends up a data breach and is in the headlines. That inability is security’s greatest single failure.”

U.S. Secret Service special agent Edward Lowery, who heads up the agency’s criminal investigative division, said in a panel discussion hosted by Verizon here that it’s all about the money for the bad guys his agency tracks. “They are in it for the profit, and their business model requires that they be surreptitious. It’s all about the money,” Lowery said.

He said the surge in retail breaches of late isn’t really new to that industry. But these and other breaches are becoming more sophisticated compared with earlier attacks, such as the one on TJX. “We have seen changes in the attack vectors … how long these individuals have been in the system. They study for their future crimes, looking for the vulnerabilities they can exploit,” Lowery said. “The actual intrusion may happen really quickly, but the work they do beforehand may not happen quickly.”

Verizon’s Baker says the bad news from this year’s report is that the cybercriminals and other attackers are getting better at what they do, while the security community is not improving its game quickly enough to keep pace.

Verizon said its upcoming DBIR will include more specific recommendations for incidents and more “actionable” information.

The 2013 Verizon DBIR found attacks occurring in minutes or less in 84
percent of the cases, while 66 percent of breaches go undetected for months or even years.