
Category Archives: Technology


Russian hackers use ‘zero-day’ to #hack #NATO, #Ukraine in cyber-spy campaign


Microsoft says it will release a patch on Oct. 14 for the vulnerability that the Russian hackers group has exploited. (KACPER PEMPEL/REUTERS)

Ellen Nakashima reporting,

A Russian hacking group probably working for the government has been exploiting a previously unknown flaw in Microsoft’s Windows operating system to spy on NATO, the Ukrainian government, a U.S. university researcher and other national security targets, according to a new report.

The group has been active since at least 2009, according to research by iSight Partners, a cybersecurity firm. Its targets in the recent campaign also included a Polish energy firm, a Western European government agency and a French telecommunications firm.

“This is consistent with espionage activity,” said iSight Senior Director Stephen Ward. “All indicators from a targeting and lures perspective would indicate espionage with Russian national interests.”

There is no indication that the group was behind a recent spate of intrusions into U.S. banks, including JPMorgan Chase, Ward said.

The Russian government has denied similar allegations of cyber-espionage in the past. Current and former U.S. intelligence officials, nonetheless, say the capabilities of Russian hackers are on par with those of the United States and Israel.

“It’s possible they’ve become more active in response to the Ukrainian situation,” said a former intelligence official. “And when you become more active, you increase your likelihood of getting caught.”

ISight dubbed the recently detected hacking group SandWorm because of references embedded in its code to the science-fiction novel “Dune.” There were various mentions in Russian to the fictional desert planet of Arrakis, for instance.

The Ukrainian government was hacked in late August, in the lead-up to the NATO summit in Wales, where member states discussed Russia’s actions in Ukraine. © AFP

The firm began monitoring the hackers’ activity in late 2013 and discovered the vulnerability — known as a “zero-day” — in August, Ward said. The flaw is present in every Windows operating system from Vista to 8.1, he said, except Windows XP.

The Ukrainian government was targeted in late August, in the lead-up to the NATO summit in Wales, where member states discussed Russia’s actions in Ukraine. Using a technique called spearphishing, SandWorm sent e-mails to targets that appeared to come from legitimate sources but included attachments that, when opened, enabled the hackers to gain access to their computers, Ward said.

Some of the spearphishing e-mails appeared to concern a global security forum on Russia and a purported list of Russian sympathizers or “terrorists,” the firm said.

ISight technical analyst Drew Robinson said the firm attributed the campaign to Russia partly because of the targets and partly because the command server, located in Germany, had not been properly secured. The server was inadvertently exposing Russian-language computer files that had been uploaded by the hackers.

“They could have closed it off, and they didn’t,” he said of the server. “It was poor operational security.”

ISight was not able to determine how successful the hackers might have been in obtaining information. But Robinson said that by analyzing the malware files, iSight was able to determine that certain targets — including Ukrainian government servers — had been compromised.

SandWorm apparently adapted malware previously used by cybercriminals, probably as a way “to mask” its espionage intents, Ward said.

Microsoft plans to release a patch for the vulnerability Tuesday, as part of the security industry’s monthly “Patch Tuesday” — a coordinated release of fixes to vulnerabilities in software.

A Microsoft spokeswoman said the firm’s patch will be released in security bulletin MS14-060.


The Washington Post.

#Ikea kitchens help sell #insulation to Dutch – and #UK could be next


Dutch consortia Energiesprong could give zero carbon retrofits to social homes across England, using innovative wrap-around insulated panels, if EU funding is approved.

Dutch energiesprong (‘Energy Leap’) pilot project in Tilburg in the Netherlands. Photograph: Rogier Bos/Energiesprong

Arthur Neslen reporting,

More than 100,000 homes across the UK could be given a carbon-neutral retrofit by 2020 if the EU approves funding for a ground-breaking green social housing project this month.

The first pilot projects are due to start within a year on council estates and housing association properties in London, Birmingham and southern England and are set to save 1,950GWh of electricity.

The Energiesprong (Energy Leap) initiative involves completely wrapping houses with insulated panel-facades that snap on like Lego. Insulated roofs adorned with 24 high-efficiency solar panels each are fastened on top, while heat pumps, hot water storage tanks and ventilation units are stored in garden sheds.

On the Woonwaard housing estate near Amsterdam, tenants whose homes have already received the upgrade say that the final effect is like living inside a ‘tea cosy’.

“This new house is great,” former social worker Astrid Andre, 58, told the Guardian. “You can’t hear the traffic from outside anymore. It feels as if I’m living in a private home, rather than social housing. Before, the wind used to go through the house in winter. I have arthritis and when the weather was colder, it became worse. But my bones are better now, more supple.”

Former social worker Astrid Andre, who lives near Amsterdam, says that both noise and draft levels have improved since the retrofit. Photograph: Arthur Neslen for The Guardian

The programme has already won a contract from the Dutch government to provide a wave of 10-day makeovers to 111,000 homes on estates mostly built in the 1960s and 70s. It is now bidding for €10m (£787,671) from the EU’s Horizon 2020 money pot to extend the project to the UK and France.

Partners in the bid to bring the Dutch Energiesprong consortia to the UK include the Greater London Authority (GLA), the Department of Energy and Climate Change (Decc), The Housing Finance Corporation (THFC) and the National Federation of Housing Associations (NFHA).

“The Netherlands has a head start but the basic logic is the same,” said Jasper van den Munckhof, Energiesprong’s director. “If you have political will, government support, and a housing association sector that can put up a strong volume for conceptual development, then there is a profitable case for builders to step in.”

Materials used for wall isolation in renovated houses by Dutch Energiesprong in Arnhem. Photograph: Frank Hanswijk/Energiesprong

The deceptively simple idea behind the initiative has been to finance the roughly 300,000 mass-produced renovations from the estimated €18bn of savings from energy bills that they will make each year.

In the Netherlands, upfront capital comes from the WSW social bank, which has provided €6bn to underwrite government-backed 40-year loans to housing associations. These then charge tenants the same amount they had previously paid for rent and energy bills together, until the debt is repaid.

The prefabricated refurbishments come with a 40-year builders’ guarantee that covers the entire loan period, and a 5.25% return is guaranteed to participating housing associations.

But the renovations can only be done if all tenants in a block agree to it, and that spurred the invention of an unlikely environmental incentive: free bathrooms, fridges and Ikea kitchens, with electric cooking.

“Everyone has been talking about it since last December,” said Bianca Lakeman, a 32-year-old office worker and single mother on the Woonwaard estate. “They’re saying how the front facade is very modern but most of all they are talking about the beautiful Ikea kitchens.”

Tenants can choose the kitchen’s colour and design and, because the construction companies are contracted to provide maintenance for the next four decades, the new installations work out cheaper than the anticipated costs of servicing mid-20th century kitchens into the mid-21st century.

“When we started, there was a period where not everybody was keen,” said Marnette Vroegop, a concept developer for the Woonwaard housing association. “The main doubts were about whether it was realistic.”

Pierre Sponselee, director of Woonwaard housing association. Photograph: Arthur Neslen for The Guardian

“There is one block of six houses here and one person still says no,” Pierre Sponselee, the association’s director said. “The man had lived here only for a year and came from another house where he’d had a renovation and he didn’t want another one. It is a pity for the rest of the neighbours.”

Minor complaints from tenants about the refurbishments have included noise from garden shed installations and increased awareness of internal house sounds, as floorboards become proportionately louder when outside noises are muffled.

Bianca’s block is due to be renovated this month in the latest construction round on the estate that will see another 50 zero energy homes created. “I’m very excited about it because it can keep my cost of living under control and reduce the effects of climate change,” she said.

Around 40% of Europe’s carbon dioxide emissions come from heating and lighting in buildings and the EU has set a zero energy requirement for all new house builds by 2021. But these only make up around 1% of the continent’s housing stock and how to persuade the construction industry to renovate to new and untried standards had been a vexed question.

With support from the Dutch government, Energiesprong dangled the carrot of secured long-term contracts for a market of up to 2.3m homes, and then asked a depressed construction sector what solutions they could come up with.

Energiesprong renovated building in Groningen. Photograph: Rogier Bos/Energiesprong

The result was the beginnings of a reindustrialisation of the Dutch building sector, with construction companies taking 3D scans of houses to offer factory-produced refurbishments tailored to each house’s dimensions.

“We have to think like a manufacturer,” said Joost Nelis, the director of BAM, the Netherlands’ biggest construction company. “We want to shrink the garden power units like Apple did the iPad,” Nelis says.

The company is also experimenting with apartment blocks run on DC electricity, which increases solar panel efficiency by about 30%. Almost all buildings in the Netherlands run on AC, but few tower blocks have room for enough solar panels to generate electricity for more than five floors of homes.

While trade unions have enthusiastically signed up to Energiesprong, energy companies that use fossil fuels could lose out on the gathering transformation, according to Nelis. Tenants in places such as Woonwaard can already sell their excess electricity back to the grid and may one day be able to use electric cars to power their homes.

Ambitious though it is, Energiesprong says its programme of building renovations should be seen as a means to a low-carbon transformation of the building sector, rather than an end in itself.

Last week, a similar deal was signed with the Netherlands’ biggest mortgage banks, real estate surveyors and government, to take the project into the private sector too.


The Guardian – Environment.

#NASA: Send Your Name on NASA’s Journey to Mars, Starting with Orion’s First Flight


Send Your Name on NASA’s Journey to Mars. Image Credit: NASA

If only your name could collect frequent flyer miles. NASA is inviting the public to send their names on a microchip to destinations beyond low-Earth orbit, including Mars.

Your name will begin its journey on a dime-sized microchip when the agency’s Orion spacecraft launches Dec. 4 on its first flight, designated Exploration Flight Test-1. After a 4.5 hour, two-orbit mission around Earth to test Orion’s systems, the spacecraft will travel back through the atmosphere at speeds approaching 20,000 mph and temperatures near 4,000 degrees Fahrenheit, before splashing down in the Pacific Ocean.

But the journey for your name doesn’t end there. After returning to Earth, the names will fly on future NASA exploration flights and missions to Mars. With each flight, selected individuals will accrue more miles as members of a global space-faring society.

“NASA is pushing the boundaries of exploration and working hard to send people to Mars in the future,” said Mark Geyer, Orion Program manager. “When we set foot on the Red Planet, we’ll be exploring for all of humanity. Flying these names will enable people to be part of our journey.”

The deadline for receiving a personal “boarding pass” on Orion’s test flight closes Friday Oct. 31. The public will have an opportunity to keep submitting names beyond Oct. 31 to be included on future test flights and future NASA missions to Mars.

To submit your name to fly on Orion’s flight test, visit:

http://go.usa.gov/vcpz

Join the conversation on social media using the hashtag #JourneyToMars.

For information about Orion and its first flight, visit:

http://www.nasa.gov/orion


NASA.

How #London’s 2020 #Tube trains were designed


The £2 billion subway cars will replace trains on the Piccadilly, Central, Bakerloo, and Waterloo & City lines, and are aimed at accommodating London’s booming commuter population for the next several decades. (PriestmanGoode)

Margaret Rhodes reporting,

Descend underground into London’s subway system, and “Mind the Gap” is everywhere. It’s spelled out in tiles on the edge of the platform, it’s announced through the loudspeakers, and it’s probably splashed across a tourist’s t-shirt. But sometime around 2020, the actual gap — the dangerous space between the train and the platform that prompted the transit system in 1969 to start warning passengers — will begin to disappear.

Getting rid of the gap is one of several efficiencies that design firm PriestmanGoode will introduce in its redesign of the London Underground trains. Announced this week, the estimated $4 billion (£2 billion) trains (part of a bigger $25 billion (£16 billion) upgrade) will replace trains on the Piccadilly, Central, Bakerloo, and Waterloo & City lines, and are aimed at accommodating London’s booming commuter population for the next several decades. “London may well go up again twice in size, so you have to think about how these trains will evolve,” says Paul Priestman, director at PriestmanGoode. “We can’t change tunnels and platforms and stations, so how can we let people get on and off the trains more quickly?”

New Tube for London designed by PriestmanGoode.

Clever Details

To delete the gap, PriestmanGoode drafted up trains that have shorter carriages and more of them. This gives each train extra sets of joints, so it can pivot and nestle itself closer to the platform. That leads to swifter train exits for passengers. Each train will also sport larger doors (and more of them as well) to help relieve the bottleneck of commuters getting on and off at every station. The effect is similar to the shiny AirTran system used at airports.

This wouldn’t have been possible when the original cars were built: newer access to stronger, lightweight materials like aluminium and finishes used on aircraft means that the bigger doors won’t cause subway cars to grow weak and buckle. In an attempt to cut down on delays, they’re also proposing to amp up the communications system with flashing lights that warn commuters when doors open and close. Hopefully, the idea goes, this will stop desperate passengers from shoving doors back open.

Inside, poles tilt outwards to create more breathing room around passengers’ faces and upper bodies. (PriestmanGoode)

Given all the exterior glitz, much remains the same inside the new tube cars. “Familiar is good, it’s moving forward and is still recognisable,” Priestman says. Besides the fact that the London Underground required the same number of seats, Priestman wanted to preserve a detail that’s unique to the Tube: “It’s interesting that it’s possible to have fabric, and they last,” he says of the upholstered seats, which would never fly in a city like New York. “It says a lot about the character of the design. It’s not like a jail, people have respect for it, the lighting is right. Even in Hong Kong you have steel seats on the metros.”

To keep to the thesis — make the trains as efficient as possible — PriestmanGoode adjusted the floor-to-ceiling handrails so they tilt slightly outward, away from people’s heads and upper bodies, freeing up valuable (and literal) breathing room. An even bigger change is how the cars connect: instead of disjointed carriages, these will be “through-cars” that allow for commuters to safely and easily disperse themselves, even after the train takes off.

All told, the London Underground estimates that PriestmanGoode’s trains will allow for anywhere between 25 and 60 percent more passengers, depending on the line. “We need every square inch for the passengers,” Priestman says. With these changes, “it’s almost like getting grit out of the system.”


Wired UK.

Crypto wars redux: why the #FBI’s desire to unlock your private life must be resisted


In 1995, the US government tried – and failed – to categorise encryption as a weapon. Today, the same lines are being drawn and the same tactics repeated as the FBI wants to do the same. Here’s why they are wrong, and why they must fail again.

Dragnet surveillance and compromised encryption standards must be resisted. Photograph: Louie Psihoyos/Corbis

Cory Doctorow reporting,

Eric Holder, the outgoing US attorney general, has joined the FBI and other law enforcement agencies in calling for the security of all computer systems to be fatally weakened. This isn’t a new project – the idea has been around since the early 1990s, when the NSA classed all strong cryptography as a “munition” and regulated civilian use of it to ensure that they had the keys to unlock any technological countermeasures you put around your data.

In 1995, the Electronic Frontier Foundation won a landmark case establishing that code was a form of protected expression under the First Amendment to the US constitution, and since then, the whole world has enjoyed relatively unfettered access to strong crypto.

How strong is strong crypto? Really, really strong. When properly implemented and secured by relatively long keys, cryptographic algorithms can protect your data so thoroughly that all the computers now in existence, along with all the computers likely to ever be created, could labour until the sun went nova without uncovering the keys by “brute force” – ie trying every possible permutation of password.

The “crypto wars” of the early 1990s were fuelled by this realisation – that computers were changing the global realpolitik in an historically unprecedented way. Computational crypto made keeping secrets exponentially easier than breaking secrets, meaning that, for the first time in human history, the ability for people without social or political power to keep their private lives truly private from governments, police, and corporations was in our grasp.

The arguments then are the arguments now. Governments invoke the Four Horsemen of the Infocalypse (software pirates, organised crime, child pornographers, and terrorists) and say that unless they can decrypt bad guys’ hard drives and listen in on their conversations, law and order is a dead letter.

On the other side, virtually every security and cryptography expert tries patiently to explain that there’s no such thing as “a back door that only the good guys can walk through” (hat tip to Bruce Schneier). Designing a computer that bad guys can’t break into is impossible to reconcile with designing a computer that good guys can break into.

If you give the cops a secret key that opens the locks on your computerised storage and on your conversations, then one day, people who aren’t cops will get hold of that key, too. The same forces that led to bent cops selling out the public’s personal information to Glenn Mulcaire and the tabloid press will cause those cops’ successors to sell out access to the world’s computer systems, too, only the numbers of people who are interested in these keys to the (United) Kingdom will be much larger, and they’ll have more money, and they’ll be able to do more damage.

That’s really the argument in a nutshell. Oh, we can talk about whether the danger is as grave as the law enforcement people say it is, point out that only a tiny number of criminal investigations run up against cryptography, and when they do, these investigations always find another way to proceed. We can talk about the fact that a ban in the US or UK wouldn’t stop the “bad guys” from getting perfect crypto from one of the nations that would be able to profit (while US and UK business suffered) by selling these useful tools to all comers. But that’s missing the point: even if every crook was using crypto with perfect operational security, the proposal to back-door everything would still be madness.

Because your phone isn’t just a tool for having the odd conversation with your friends – nor is it merely a tool for plotting crime – though it does duty in both cases. Your phone, and all the other computers in your life, they are your digital nervous system. They know everything about you. They have cameras, microphones, location sensors. You articulate your social graph to them, telling them about all the people you know and how you know them. They are privy to every conversation you have. They hold your logins and passwords for your bank and your solicitor’s website; they’re used to chat to your therapist and the STI clinic and your rabbi, priest or imam.

That device – tracker, confessor, memoir and ledger – should be designed so that it is as hard as possible to gain unauthorised access to. Because plumbing leaks at the seams, and houses leak at the doorframes, and lie-lows lose air through their valves. Making something airtight is much easier if it doesn’t have to also allow the air to all leak out under the right circumstances.

There is no such thing as a vulnerability in technology that can only be used by nice people doing the right thing in accord with the rule of law. The existing “back doors” in network switches, mandated under US laws such as CALEA, have become the go-to weak-spot for cyberwar and industrial espionage. It was Google’s lawful interception backdoor that let the Chinese government raid the Gmail account of dissidents. It was the lawful interception backdoor in Greece’s national telephone switches that let someone – identity still unknown – listen in on the Greek Parliament and prime minister during a sensitive part of the 2005 Olympic bid (someone did the same thing the next year in Italy).

The most shocking Snowden revelation wasn’t the mass spying (we already knew about that, thanks to whistleblowers like Mark Klein, who spilled the beans in 2005). It was the fact that the UK and US spy agencies were dumping $250,000,000/year into sabotaging operating systems, hardware, and standards, to ensure that they could always get inside them if they wanted to. The reason this was so shocking was that these spies were notionally doing this in the name of “national security” – but they were dooming everyone in the nation (and in every other nation) to using products that had been deliberately left vulnerable to attack by anyone who independently discovered the sabotage.

There is only one way to make the citizens of the digital age secure, and that is to give them systems designed to lock out everyone except their owners. The police have never had the power to listen in on every conversation, to spy upon every interaction. No system that can only sustain itself by arrogating these powers can possibly be called “just.”


The Guardian.
