Toshiba to debut 64GB USB 3.0 Flash drive

Toshiba will introduce new USB 3.0 flash drives next week at the Consumer Electronics Show in Las Vegas, as products using the faster USB interface begin to trickle out.

"SuperSpeed" USB 3.0 is about 10 times faster than current USB technology and will become standard in virtually all laptops when Intel's Ivy Bridge silicon begins shipping this spring.

Toshiba says its TransMemory-EX flash drive will deliver speeds up to 22 times faster than previous models. That's read and write speeds of 220 megabytes per second (MB/s) and 94 MB/s, respectively. That compares to USB 2.0 drives with 34 and 30 MB/s read-write speeds, respectively.

Storage options will be both 32GB and 64GB.

Pricing should be about $102 for the 32GB TransMemory-EX drive and $150 for the 64GB version, according to a report.

Keylogging threat could lead to more attacks, say researchers


A new threat is looming for browsers and it's not related to JavaScript.
Security researcher Mario Heiderich reported to the maker of Firefox last year that he had found an unusual vulnerability in the browser and in two other Mozilla products that run on the Gecko engine, Thunderbird and SeaMonkey. Based on SVG animation, the relatively new technology that allows for complex animated vector graphics in the browser, the vulnerability allowed a malware writer to detect keystrokes even when JavaScript was disabled.

Basically, he found a way to turn innocuous Web pages into keyloggers. Mozilla patched the vulnerability in Firefox 9, Thunderbird 9, and SeaMonkey 2.6. Then, as is standard operating procedure, they announced to the public what the threat was and that it had been fixed. But the real threat may lie in what the threat wasn't: it wasn't based in JavaScript.

"The basic premise of my research currently is scriptless attacks, meaning attack vectors working in a post-XSS world," Heiderich said in an e-mail. He defined a "post-XSS" world as one where the cross-site scripting attack had been more or less minimized by technologies like sandboxed iFrames, Mozilla's e-mail client Thunderbird and Firefox's Content Security Policy, the JavaScript blocking browser add-on NoScript, and Windows 8.

"The desired goal was to do keystroke logging in the browser, doing so without necessitating JavaScript, so even if you turned off JavaScript it would work," said Jeremiah Grossman, Chief Technical Officer at computer security research firm White Hat Security. "All the browser developers are fixing cross-site scripting. What half a dozen researchers are exploring is what you can do attack-wise in a browser without JavaScript. They're discovering that there's still quite a lot you can do in the browser."

This particular SVG keylogging attack was quite nasty, said Chris Eng, vice president of research at Veracode, a computer security research firm. "The way [it] works is that [the bad guy] binds the letter 'a' to an action that causes the browser to silently issue a request for http://evil.com/?a. Pressing 'b' would trigger the browser to silently issue a request for http://evil.com/?b. By 'silently' I mean that there's no visual cues to the user that anything is happening--if you were monitoring the network you would see the requests. As long as the attacker controls evil.com and can access the web server logs, he can piece together what the victim is typing, one character at a time."
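
Eng's remark that the requests are visible to anyone monitoring the network suggests a simple detection. The sketch below is an added example, not part of the original article or of any vendor's tooling: it scans a proxy log for bursts of requests from one client to one host whose query string is a single character. The log format, the sample lines, and the threshold and window values are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, unquote

# Constructed sample proxy log: ISO timestamp, client IP, requested URL.
SAMPLE_LOG = """\
2012-01-05T10:00:01 10.0.0.7 http://evil.com/?p
2012-01-05T10:00:02 10.0.0.7 http://evil.com/?a
2012-01-05T10:00:02 10.0.0.7 http://evil.com/?s
2012-01-05T10:00:03 10.0.0.7 http://evil.com/?s
2012-01-05T10:00:04 10.0.0.7 http://evil.com/?%40
2012-01-05T10:00:05 10.0.0.9 http://news.example/?page=2
2012-01-05T10:00:06 10.0.0.9 http://news.example/story?id=41
2012-01-05T10:03:00 10.0.0.9 http://cdn.example/?v
"""


def parse(log_text):
    """Yield (timestamp, client, parsed URL) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than failing the scan
        ts, client, url = parts
        yield datetime.fromisoformat(ts), client, urlsplit(url)


def is_single_char_query(url):
    """True when the whole query string decodes to exactly one character."""
    return len(unquote(url.query)) == 1


def find_keystroke_beacons(log_text, min_hits=4, window=timedelta(seconds=30)):
    """Flag client/host pairs with a burst of single-character queries."""
    hits = defaultdict(list)
    for ts, client, url in parse(log_text):
        if is_single_char_query(url):
            hits[(client, url.hostname, url.path)].append(ts)

    alerts = []
    for (client, host, path), times in hits.items():
        times.sort()
        start = best = 0
        # Sliding window: largest number of hits falling within `window`.
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_hits:
            alerts.append(
                {"client": client, "host": host, "path": path, "burst": best}
            )
    return alerts


if __name__ == "__main__":
    for alert in find_keystroke_beacons(SAMPLE_LOG):
        print(alert)
```

A single stray one-character query, like the `cdn.example` line in the sample, stays below the threshold; only the typing-speed burst to one host is reported.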

Eng noted that this kind of problem always erupts whenever new standards are rolled out, especially with "extremely detailed and sometimes difficult to understand" attributes. You don't have to go far to find evidence of this, either. Both Mozilla and Google offer hefty bounties for bug-hunters. Eng both cautioned against screaming that the sky was falling and said that this kind of attack was inherently more interesting to researchers.

As unlikely as Eng said it is for an average browser user to fall victim to these atypical but hard to implement attacks, Heiderich warned that it's not anomalous. "The SVG keylogger is just one example of many, and by far not the most impact ridden one," said Heiderich.

Another factor is that the major browser makers, including Google, Mozilla, Microsoft, Apple, and Opera, are all fairly responsive to fixing these threat vectors when discovered, said Grossman. But that doesn't mean that there aren't steps for the home user to take.

One way to minimize the risk from this kind of modern threat is to compartmentalize your risk, he said. "The best way [to protect yourself] is behavior, not product. Whether in Firefox, IE, or Chrome, I would use any one of the major browsers for secure browsing, such as banking or Facebook. For promiscuous browsing, such as news surfing, I use a different browser."

Eng concurred and said that there aren't many defenses against attacks that don't rely on JavaScript. "You usually have to just wait for the browser bugs to be fixed. So my options are more limited--either don't use that browser at all, use a completely separate browser for trusted sites versus untrusted ones, [or] stay off the Internet."

Worm steals more than 45,000 Facebook logins

A nasty bit of malware making the rounds on Facebook has reportedly made off with the usernames and passwords of more than 45,000 users.
Most of those affected by the worm--called Ramnit--are from France and the United Kingdom, according to a bulletin issued by security researchers at Seculert. It is capable of infecting Windows executables, Microsoft Office, and HTML files, according to McAfee.

"We suspect that the attackers behind Ramnit are using the stolen credentials to log in to victims' Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware's spread even further," Seculert said in its bulletin. "In addition, cybercriminals are taking advantage of the fact that users tend to use the same password in various web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks."

The worm was first discovered in April 2010 stealing sensitive information such as stored FTP credentials and browser cookies. In August 2011, after malware developers borrowed source code from the Zeus botnet, Ramnit "went financial." With that added strength, Ramnit was able to "gain remote access to financial institutions, compromise online banking sessions and penetrate several corporate networks." Approximately 800,000 machines were infected between September 2011 and the end of the year.

The security researcher has notified Facebook and provided the social-networking giant with all the stolen credentials found on Ramnit's server.

Beware of potential Christmas scams


Although a number of people are out looking for the latest deals on gadgets that Apple and others may offer, scammers are no doubt interested in capitalizing on the increased interest in purchases and promotions.

E-mail scams and other attempts to coerce people into giving up personal information online are nothing new; however, scammers may make an extra effort to use Apple's popularity.

Recently, MacFixIt reader Martin F. wrote in about a scam e-mail he received regarding an Apple promotion, which, while obvious to many people as a scam, might be enough for others to fall for it.

The e-mail claims it is from Apple Christmas Awards, and mentions that the recipient is a promotions winner. The e-mail is from an account at "rediffmail.com," which would be the first sign it is not an official Apple e-mail. Additionally, the e-mail asks you to open an attachment, which is a Microsoft Word document.

While the document does not appear to have any malware associated with it, its content is quite obviously a scam. Underneath a large Apple logo, it claims that Apple has created a million iPhone 4S units in commemoration of Steve Jobs, and that winners were selected at random to both receive the phone and an award of around $2 million, from a pool of $250 million that Apple has set aside for this "promotion."

This scam is so poorly done it is almost amusing, but it does serve as a reminder that you may receive such offers and scams both via e-mail and other options throughout this holiday season, some of which might appear to be legitimate offers and promotions. Many of these will likely include malware, but even if they don't, they are designed only to steal your personal information.

Any legitimate offer from a company will have an official Web page at the company's Web site, which you can visit for information, or you can call the company. Ensure you always visit or call the company to confirm the legitimacy of a promotion before accepting it, and never blindly give your information to anyone via e-mail.
And as always, to all the Grinches out there, "You're a three-decker sauerkraut and toadstool sandwich, with arsenic sauce!"

BitTorrent downloads linked to RIAA, DHS IP addresses


The TorrentFreak blog has outed the RIAA and U.S. Department of Homeland Security as harboring downloaders of pirated songs by hip hop artists and crime-based TV shows, but the RIAA denies it.

TorrentFreak said it used the YouHaveDownloaded.com site to find instances of IP addresses within the RIAA and the DHS linked to downloads of copyrighted content from BitTorrent.

Six RIAA IP addresses were linked to downloads of music by Jay-Z ("American Gangster") and Kanye West ("My Beautiful Dark Twisted Fantasy"), as well as the first five seasons of "Dexter," a "Law and Order SVU" episode and tools for converting audio and tagging MP3 files, according to TorrentFreak.

But RIAA spokesman Jonathan Lamy disputed the report. "This is inaccurate," he said in a statement provided to CNET via e-mail. "We checked the block of IP addresses allocated to RIAA staff to access the Internet and no RIAA employee was responsible for this alleged use of bittorrent."

Asked for comment on that, the TorrentFreak blogger who posted the item, who goes by the alias "Ernesto," told CNET that he stands by the report and provided CNET with six IP addresses that were within the range of IP addresses listed for RIAA on the American Registry for Internet Numbers Whois site. They all came up with material that had been downloaded when a search was conducted on YouHaveDownloaded.com.

Lamy had an explanation for that. "Those partial IP addresses are similar to block addresses assigned to RIAA. However, those addresses are used by a third party vendor to serve up our public Web site," he said. "As I said earlier, they are not used by RIAA staff to access the Internet."
TorrentFreak also said it found more than 900 unique IP addresses at DHS that were used to download copyrighted files from BitTorrent. It did not give examples of the types of content allegedly downloaded by the DHS, which is involved in fighting piracy by seizing pirate domain names.

DHS representatives asked CNET to send a request for comment via e-mail and had not provided comment by late in the day.

The RIAA has been aggressive in its pursuit, and punishment, of people who download pirated content. One of the 26,000 defendants named in RIAA lawsuits is a Minnesota mother of four accused of downloading 24 songs illegally. She was tagged with a $1.5 million judgment by a jury, which was later lowered to $54,000. Under RIAA guidelines, copyright owners can seek $150,000 in damages for each instance of a copyrighted work being illegally downloaded.

"If official records can be wrong as the RIAA claims, then this would mean they probably accused people wrongfully also," said Ernesto.

YouHaveDownloaded.com representatives, meanwhile, said that despite the joking nature of the "about" and "privacy" pages of the site, it is legitimate. "The data is real," Suren Ter of the Russia-based site wrote in an e-mail to CNET. "A lot of people admit that we have their data correct. It's statistically impossible without the real data."

Ter acknowledged that there could be false positives on the site, but said the possibility of a mistake is "quite low." Last week, TorrentFreak used the YouHaveDownloaded.com site to find downloads of BitTorrent content associated with IP addresses assigned to Sony Pictures, NBC Universal and Fox Entertainment. And the residential palace of French President Nicolas Sarkozy--a strong proponent of anti-piracy legislation--was also linked to BitTorrent downloads last week.

Senators call for FTC probe of Google's results


Two prominent members of the Senate antitrust subcommittee are urging federal regulators to investigate whether Google unfairly promotes its own properties in search results.

Committee Chairman Herb Kohl (D-Wis.) and Mike Lee (R-Utah) sent a five-page letter (PDF) today to Federal Trade Commission Chairman Jonathan Leibowitz calling for "serious scrutiny" of Google's business practices.


"We believe these allegations regarding Google's search engine practices raise important competition issues," wrote Kohl and Lee, whose committee is already investigating whether Google abuses its power in online search. "We are committed to ensuring that consumers benefit from robust competition in online search and that the Internet remains the source of much free-market innovation."

Representatives from Expedia, Yelp, and Nextag told senators during the Senate Judiciary Committee's antitrust subcommittee hearing in September that the Web giant "doesn't play fair" and "rigs" search results.

Google Executive Chairman Eric Schmidt appeared at the hearing to deny the accusations, and during a tense hearing, Lee tried hard to pin down Schmidt on why results from searches on 650 different products seemed to look fishy. "You've cooked it so that you're always third," Lee said, to which Schmidt responded: "Senator, let me say that I can assure you we haven't cooked anything."

Google fields more than 65 percent of Internet searches in the U.S., according to ComScore market research, and that domination has led to increased scrutiny of the company over the past several years.

Comodo adds VPN, attacks competitors


An on-demand Virtual Private Network and a better "quick scan" take their bows in Comodo Internet Security 5.9 (download), released today. Along with the new features, a Comodo Security Solutions spokesman had some tough words for the competition.


Comodo Internet Security 5.9, which despite following the security industry naming convention for paid suites is actually the name of Comodo's free suite, now supports the company's TrustConnect VPN service. TrustConnect uses 128-bit encryption to provide additional Wi-Fi protection, although it doesn't anonymize your traffic like Hotspot Shield does. The TrustConnect integration will automatically detect unsecured Wi-Fi networks and offer to activate the VPN.

The inclusion of support for TrustConnect in Comodo Internet Security does not make the VPN free. Users can pay for the tunnel access on demand, starting at $3.99 for a 24-hour pass, a monthly unlimited subscription for $8.99 a month, or a yearly unlimited subscription for $99.95.

Other changes in Comodo Internet Security 5.9 include a new "quick scan" engine, called Smart Scan. It replaces the Critical Scan option. Comodo's director of Desktop Security Products Egemen Tas says that Smart Scan is based on the company's Autorun Analyzer Technology, although it hasn't released numbers on how much faster users ought to expect Smart Scan to be.

There have also been tweaks to malware removal, and some options have moved from the generic Preferences section to the settings panes for the features that they relate to. Comodo has also added a download link to Comodo Dragon, the company-branded, security-minded free remix of the Chromium source code that powers Google Chrome. A pop-up window for Comodo's Geekbuddy tech support that appeared in the beta of version 5.9 was removed, said Comodo spokeswoman Sarah Thomas, because it was "too aggressive."

Criticizing competitors
Tas didn't mince his words when asked about how Comodo differs from its competition. "Other antivirus companies want you to get infected," he told me in a phone interview on Friday. He compared Comodo to an insurance company, which protects you against financial loss, whereas the competition, he said, is "like a pharmaceutical company," making money off of selling you a product you must have to survive. He also noted that Comodo has offered a $500 guarantee to customers if they get infected after installing one of Comodo's paid products.

"We care about detecting," Tas said, "but it's not the first line of defense. The industry is switching to a more protection-based approach," something he says Comodo has been doing for a long time.
Some of Comodo's competition disagreed that they want customers' PCs to get infected. Representatives from several security suite vendors, including Avast, Kaspersky Lab, Bitdefender, and AVG said that the guarantee was a marketing ploy and pointed to the fine print of the guarantee, which clarifies that Comodo will only pay if the computer can't be repaired "to an operating condition."
Tony Anscombe, a representative from AVG, said in an e-mail, "The comment that most AV companies want consumers to have a breach is just marketing hype that makes for sensational news stories and advertising content."

"There are people who believe the 'conspiracy theory' that security vendors allow malicious software to exist for the benefit of their own business. Kaspersky Lab categorically rejects this notion. Furthermore, we believe it is completely irresponsible for a security vendor to reinforce these kinds of lies," Greg Sabey, senior technology PR manager for Kaspersky Lab, said in an e-mail. "Suggesting that some vendors intentionally allow malicious infections is absurd - trust and reputation make up the foundation of the IT security industry. In fact, Kaspersky Lab has a long track-record of working with international law enforcement agencies to disrupt cyber-crime organizations," he concluded.

With regard to Comodo's payout, Tas wrote in an e-mail to me that, "No one has ever claimed it."
One person who requested anonymity said Comodo is known for being provocative and pointed to a challenge by Comodo CEO Melih Abdulhayoglu to prove that Symantec was better than Comodo. According to the results of that test, Symantec bested Comodo.

And Andrew Storms, the director of security operations for the security consulting company nCircle, added that while it was doubtful that security suite makers wanted customers to get infected, they probably wouldn't mind if their customers are attacked by known viruses that can be blocked. "After all, anti-virus users experience real return on investment when anti-virus software finds and protects their computer against some new attack."

Results from independent testing organizations such as AV-Test.org show that while Comodo ranges between acceptable and very good at offering protection, it's not at the top of the field. AV-Test last looked at Comodo Internet Security 5.3 and 5.4 for its Q2 2011 test in June 2011. Comodo did not receive certification. Nor did Comodo submit to testing by AV-Comparatives' whole product test, whereas many of its competitors do. The most recent Comodo version checked by West Coast Labs' Checkmark certification was Comodo AntiVirus 4.0, more than a year ago. While it's true that some independent organizations such as Matousec rate Comodo's firewall very highly, it's safe to conclude that the suite's overall performance at stopping threats has either been inadequately tested publicly, or could be much improved overall.

The company has also been in the news this year for a digital certificate security breach. While not directly connected to the security suite, it does call into question some of the company's security procedures.