Hackers wanted $50,000 to keep Symantec source code private

As part of a sting operation, Symantec told a hacker group that it would pay $50,000 to keep the source code for some of the its flagship security products off the Internet, the company confirmed to CNET this evening.

An e-mail exchange revealing the extortion attempt posted to Pastebin (see below) today shows a purported Symantec employee named Sam Thomas negotiating payment with an individual named "Yamatough" to prevent the release of PCAnywhere and Norton Antivirus code. Yamatough is the Twitter identity of an individual or group that had previously threatened to release the source code for Norton Antivirus.

"We will pay you $50,000.00 USD total," Thomas said in an e-mail dated Thursday. "However, we need assurances that you are not going to release the code after payment. We will pay you $2,500 a month for the first three months. Payments start next week. After the first three months you have to convince us you have destroyed the code before we pay the balance. We are trusting you to keep your end of the bargain."
A Symantec representative confirmed for CNET the extortion attempt in this statement:

In January an individual claiming to be part of the 'Anonymous' group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession. Symantec conducted an internal investigation into this incident and also contacted law enforcement given the attempted extortion and apparent theft of intellectual property. The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide.

However, after weeks of discussions regarding proof of code and how to transfer payment, talks broke down and the deal was never completed. A group called AnonymousIRC tweeted this evening that it would soon release the data. "#Symantec software source codes to be released soon. stay tuned folks!!! #Anonymous #AntiSec #CockCrashed #NortonAV."

Apparently after weeks of discussions, Yamatough's patience was wearing thin, leading to an ultimatum:

 "If we dont hear from you in 30m we make an official announcement and put your code on sale at auction terms. We have many people who are willing to get your code. Dont f*** with us."

The exchange gets contentious at times, with Yamatough suggesting that Symantec was trying to track the source of the e-mails.

 "If you are trying to trace with the ftp trick it's just worthless. If we detect any malevolent tracing action we cancel the deal. Is that clear? You've got the doc files and pathes [sic] to the files. what's the problem? Explain."

Another e-mail, with the subject line "say hi to FBI," accuses the company of being in contact with the federal law enforcement agency, a charge Thomas denied. "We are not in contact with the FBI," he wrote, falsely. "We are using this email account to protect our network from you. Protecting our company and property are our top priorities."

Yamatough demanded that Symantec transfer the money via Liberty Reserve, a payment processor based in San Jose, Costa Rica. But Thomas appears reluctant, calling it "more complicated than we expected." Thomas instead suggests using PayPal to transmit a $1,000 test as "a sign of good faith." Yamatough rejects that offer, saying, "Do not send us any money (we do not use paypal period) do not send us any 1k etc. We can wait till we agree on final amount."

Liberty Reserve did not immediately respond to a request for comment.

The posted thread ends with an exchange today with the subject line "10 minutes" that threatens to release the code immediately if Symantec doesn't agree to use the payment processor to transfer the funds.

 "Since no code yet being released and our email communication wasnt also released we give you 10 minutes to decide which way you go after that two of your codes fly to the moon PCAnywhere and Norton Antivirus totaling 2350MB in size (rar) 10 minutes if no reply from you we consider it a START this time we've made mirrors so it will be hard for you to get rid of it."

Thomas' response, apparently the last of the discussion, is brief: "We can't make a decision in ten minutes. We need more time."

Symantec admitted in mid-January that a 2006 security breach of its networks led to the theft of the source code, backtracking on earlier statements that its network had not been hacked. The security software maker initially said a third party was responsible for allowing the theft of 2006-era source code for Norton Antivirus Corporate Edition, Norton Internet Security, Norton SystemWorks (Norton Utilities and Norton GoBack), and PCAnywhere.

Symantec said that most of it customers were not in any increased danger of cyberattacks as a result of the code's theft but that users of its remote-access suite PCAnywhere may face a "slightly increased security risk."

Symantec instructed its PCAnywhere users in late January to disable the product until the company could issue a software update to protect them against attacks that could result from the theft of the product's source code.

The theft came to light in early January when hackers claimed that they had accessed the source code for certain Symantec products, which Symantec identified as Symantec Endpoint Protection (SEP) 11.0 and Symantec Antivirus 10.2. Evidence at the time suggested that hackers found the code after breaking into servers run by Indian military intelligence.

A hacker group calling itself Yama Tough and employing the mask of hacktivist group Anonymous in its Twitter avatar said in a tweet last month that it would release 1.7GB of source code for Norton Antivirus, but the group said in a later tweet that that it had decided to delay the release.

Read more »

Microsoft Bing page tips off new Windows 8 Consumer Preview

Microsoft has already cooked up a special Bing page tempting users to check out its upcoming Windows 8 "Consumer Preview."

The first clue is the video of a betta fish swimming from one edge of the screen to the other. Thought of as Microsoft's mascot for beta versions of new operating systems, that particular fish swam its way onto the desktop of the beta for Windows 7 in 2009.

But other more obvious clues are the hot spots and links scattered across the screen that refer specifically to Windows 8 Consumer Preview. Since the page is still a work in progress, most of the links don't yet work. The only two that do bring you to a page for developers eager to create Metro-based apps and another one for Microsoft's Building Windows 8 blog.

Due to launch by the end of the month, the Consumer Preview is Microsoft's newly-christened name for the beta of Windows 8, a follow-up to the Developer Preview unveiled last September. But the Developer Preview has triggered some complaints and concerns among the Microsoft faithful.

PC users in particular have been jarred by the emphasis on the Metro UI and touch-based devices, with some feeling that the new OS is less friendly to those relying on mouse and keyboard. Microsoft has been open about the changes in Windows 8 though its Building Windows 8 blog series and at the same time responsive to certain criticism.

The company has already tweaked Windows 8 since the Developer Preview to provide more flexibility to the Metro UI, Windows Explorer, and other key features.

Microsoft has also stressed that the Developer Preview was an early glimpse of the new OS and has promised that the Consumer Preview will be different.

Still, Windows 8 does represent a radical change over previous versions of Windows. Microsoft has taken on a risky bet of trying to make its next OS all things to all people, or rather, to all devices. The upcoming Consumer Preview should better answer the question of whether that bet will pay off.

Read more »

Samsung flubs its Apple Super Bowl dis

commentary Samsung wants fanboys to leave Apple's lines...only to get into another queue?

That's the footnote on an otherwise entertaining TV ad by Samsung that aired during the Super Bowl yesterday.

As it's done before, Samsung's pitch was effectively "why wait in line when you could have this, and have it right now?!" going so far as to say "the next big thing is already here...again." In this case, the only problem with that is that the product being advertised is not out yet.

The Note, the gadget that's a cross between a phone and a tablet, made its debut at the Consumer Electronics Show in January. It hits stores February 19, which is a week from this coming Sunday. While not that far off from a release, Samsung's angle here is perhaps a tad disingenuous.

Much of the drive behind Samsung's ad campaign--which, to be sure, is quite funny to someone who's covered just about every Apple product launch for the past few years--has been availability. Samsung's not so subtly been poking fun at the fact that people have a habit of lining up for Apple's products. But what exactly are these shoppers lining up for, and in multiple cities no less?

When Samsung began this campaign, the target was clear: the iPhone 4S. The device had been released just weeks before the ad came out, and there were places where people were still lining up to get one. In February though? Not so much.

Perhaps then everyone's in line for the iPad 3 in this ad, a product that has not yet been announced. That's actually believable in a ripped-from-the-headlines sort of way given that there was a man who did just that last August, nearly a month before Apple even took the wraps off what would turn out to be the iPhone 4S.

Of course the bigger overarching poke at Apple are the features, which the ad works to drive home by pointing out one of the line-goers being impressed with it having a stylus ("It's got a pen!?") and offering the capability to draw on photos, shoot video, and do video chats with friends. Short of the stylus, which late Apple co-founder Steve Jobs said "nobody" wanted while introducing the iPhone in 2007, those are all features iPhone users have had for the past two generations of devices.

So what should people be taking away from this ad then? The same thing we got from the last one, which is that the fight between these two companies in the courtroom has now entered your living room, and has the final destination of your pocket and pocketbook. As soon as you can buy the thing, that is.

Read more »

3D printer produces new jaw for woman

An elderly woman has received a replacement titanium jaw, an operation participants say demonstrates the potential of patient-specific body implants.

Belgian company LayerWise today said that it produced an entire jaw using additive manufacturing, a technique that allows fabricators to make an item directly from a CAD drawing. The transplant demonstrates that precision 3D printing can be effective for both bones and organ implants, the company said.

The method selectively heats metal powder particles with a laser to construct an object layer by layer. Using this method allows LayerWise to create complex shapes that a custom made for patients and don't require glue or multiple parts.

"It used a laser beam to melt successive thin layers of titanium powder together to build the part," Ruben Wauthle, LayerWise's medical applications engineer, told the BBC. "This was repeated with each cross section melted to the previous layer. It took 33 layers to build 1mm of height, so you can imagine there were many thousand layers necessary to build this jawbone."

The woman who received the titanium jaw suffered from progressive osteomyelitis, which led to the decision to replace the entire bone. The operation was a success. The implant return the woman's jaw line and allowed her to speak and swallow normally again, according to LayerWise.

"The new treatment method is a world premiere because it concerns the first patient-specific implant in replacement of the entire lower jaw," Professor Dr. Jules Poukens, who was part of a team that worked on the implant, said in a statement.

The implant, which is coated with a bioceramic coating over the metal, is made with cavities to promote muscle and nerve attachment.

Read more »

Why Apple's A5 is so big--and iPhone 4 won't get Siri

Apple's A5 processor includes noise-reduction circuitry licensed from a start-up called Audience, and a chip analyst believes that fact resolves an iPhone 4S mystery and explains why the iPhone 4 lacks the Siri voice-control system.

Audience revealed details of its Apple partnership in January, when it filed paperwork for an initial public offering (IPO) of stock. Teardown work from iFixit and Chipworks revealed a dedicated Audience chip in the iPhone 4, but the iPhone 4S integrates Audience's "EarSmart" technology directly into the A5 processor, the company's S-1 filing said.

The details answered a question that Linley Group analyst Linley Gwennap had about the A5 chip that powers the iPhone 4S: why is it so big? Larger processors are more expensive and can consume more power, and chip designers strive to trim every last square millimeter from their designs.

"Even after accounting for the dual Cortex-A9 CPUs and the large GPU that provides the A5 with industry-leading 3D graphics performance, the remaining die area seems too large for the usual mundane housekeeping logic," Gwennap said in a report yesterday. "To reduce system cost and eliminate the extra package required for the Audience chip, Apple cut a deal to integrate the noise-reduction technology directly into its A5 processor, which appears in the iPhone 4S."

Audience also said in its filing that its iPhone 4-era technology was good only when the phone was held near the speaker's mouth. Audience's noise-reduction technology built into the iPhone 4S is better, though.
"This situation helps explain why Apple does not offer Siri as a software upgrade on the iPhone 4. Although the older phone includes an Audience chip, the company has since improved its technology to handle 'far-field speech,' which means holding the device at arm's length rather than directly in front of the mouth," Gwennap said.

Siri support has been a contentious issue for some owners of earlier iPhones. Hacks to bring Siri to older iPhones generally require technically complicated measures.

Audience said in its filing that its partnership to license its noise-reduction intellectual property (IP) began bearing fruit in the last quarter of 2011:

Commencing in the three months ended December 31, 2011, Apple has integrated our processor IP in certain of its mobile phones. Pursuant to our agreement, this OEM [original equipment manufacturer] will pay us a royalty, on a quarterly basis, for the use of our processor IP for all mobile phones in which it is used.

Audience's second-generation technology, which introduced its far-field noise-reduction technology, began shipping in 2011, the company said in its filing. The iPhone 4 arrived in 2010, before far-field was included.
A third generation of Audience's noise-reduction technology is on the way, too, and Apple is a licensee, though Audience cautioned that Apple isn't contractually required to use it. Where it would likely be integrated is within the purported A6 expected to power the purported iPad 3.

"We have granted a similar license to this OEM for a new generation of processor IP; however, this OEM is not obligated to incorporate our processor IP into any of its current or future mobile devices," Audience said.

Apple isn't the only customer, though it's certainly the most prestigious. Other customers include HTC, LG, Pantech, Samsung, Sharp, and Sony, Audience said, for products such as Samsung's Galaxy S II, HTC's Titan, and Sony's Tablet S.

The Apple partnership has been lucrative for Audience, though the company didn't break out specific numbers.

"Foxconn, one of Apple's CMs [contract manufacturers], accounted for 81 percent and 70 percent of our total revenue in 2010 and the nine months ended September 30, 2011, respectively," Audience said. The 2010 revenue was $47.9 million, with a net income of $4.8 million, the company's first profitable year. For the first three quarters of 2011 revenue was $79.7 million with net income of $13.9 million.

EarSmart uses a digital signal processor to try to remove background noise and secondary voices so phone calls sound better when people are in restaurants, trains, or other noisy environments.

"Imitating the complex processing that occurs from the inner ear to the brain, Audience's intelligent EarSmart technology distinguishes and interprets sounds as people do naturally," the company says of its technology. "In a mobile device, the earSmart processor effectively isolates and enhances the primary voice signal and suppresses surrounding noise--for both transmit and receive--to enable clear conversations nearly anywhere."

Screening out noise gets harder when people are holding their phones farther from their mouths, as often happens while videoconferencing, making hands-free calls in a car, and issuing voice commands such as with the Siri system.

"Far-field uses are more vulnerable to background noise interference and poor voice quality given the speaker's distance from the device," Audience said.

In other words, without the latest Audience technology, Siri can't hear you so well.

Read more »

CEO Appleton reflected Micron's high-risk business

Steve Appleton mirrored the survivalist streak in the company he led.
Micron Technology CEO Appleton died Friday at 51 years old when a high-performance Lancair plane he was piloting crashed at Boise Airport in Idaho.

Lancairs aren't easy to fly. In fact, they're difficult enough that the Federal Aviation Administration gave notice to Lancair operators in 2009 that the planes had a "disproportionate" number of fatal accidents.
Though Lancairs accounted for only 3 percent of the nation's amateur-built airplanes, they accounted for 16 percent of the fatal accidents in the 11 months prior to the notice, according to Bloomberg.

"The plane's aerodynamic stalls, which result from loss of lift, are more violent than in other small planes," Bloomberg said, quoting Steve Wallace, former chief of safety at the FAA. And most of those crashes occurred near the runway.
The Idaho Statesman said Appleton's flight lasted only 80 seconds.

 Micron wasn't easy to pilot either. And the company always seemed to be a couple of quarters away from collapse. In the last few years, Micron has had a string of quarterly losses and reported an annual profit in only 4 of the past 10 calendar years. And the company laid off thousands of workers in 2009 when it closed manufacturing operations in Boise, Idaho, where its headquarters are located.

It's all part and parcel of the memory chip industry's notorious boom-and-bust cycles that have brought much bigger companies than Micron to their knees, including Texas Instruments, Hitachi, NEC, Hynix, and lately Japan-based Elpida.

But, amazingly, Micron has survived through decades of turbulence and is the only remaining U.S.-based maker of DRAM after Asia-based memory manufacturing giants crushed U.S. pioneers Intel and TI.
And in keeping with Micron's survivalist streak, it hooked up with Intel and dove headlong into the flash memory business in 2005. At that time, Micron and Intel reportedly received a $500 million prepayment from Apple so Apple could secure a supply of flash memory.

That company, Intel-Micron Flash Technologies, now has leading-edge flash chip manufacturing plants in Lehi, Utah; Manassas, Virginia; and Singapore.

"To play and win in the memory business you have to be a daredevil at heart. Fearless, courageous, and confident. Steve demonstrates these characteristics in spades," Semiconductor Industry Association Chairman Ray Stata said when presenting Appleton with the prestigious Robert N. Noyce award in November of last year.

And the memory chip business will always be high risk--something Appleton understood very well.

Read more »

Anonymous hacks lawyers for Marine accused of Iraq massacre

In a string of attacks today, members of the digital activist group Anonymous apparently hacked into the Web site of defense lawyers for a U.S. Marine accused of leading a civilian massacre in Iraq, and have reportedly acquired e-mails exchanged by attorneys in the case.

They also reportedly: published the names, addresses and other information of more than 700 officers in Texas after compromising the Texas Police Association's Web site allegedly over a cop being investigated for child porn; attacked a Salt Lake City police Web site to protest an anti-graffiti bill; defaced a Boston police department site over alleged police brutality during Occupy Boston protests; and attacked the site of Greece's justice ministry over the country's bailout by the European Union and the International Monetary Fund.

The Web site of the law firm Puckett & Faraj, which represented Marine Sgt. Frank Wuterich in his recent court martial, was inaccessible this morning. Wuterich allegedly led a group of Marines in shooting 24 unarmed Iraqi civilians in 2005. The original murder charges were reduced and ultimately dropped entirely as part of an agreement last week in which Wuterich pled guilty to one count of negligent dereliction of duty. He was demoted in rank to private and will have to forfeit some of his pay, but will serve no time.

"As part of our ongoing efforts to expose the corruption of the court systems and the brutality of US imperialism, we want to bring attention to USMC SSgt Frank Wuterich who along with his squad murdered dozens of unarmed civilians during the Iraqi Occupation," Russian news site RT.com reported, quoting from a message that appeared on the law firm's defaced Web site. "Can you believe this scumbag had his charges reduced to involuntary manslaughter and got away with only a pay cut?"

"Meanwhile, Bradley Manning who was brave enough to risk his life and freedom to expose the truth about government corruption is threatened with life imprisonment," the message said."When justice cannot be found within the confines of their crooked court systems, we must seek revenge on the streets and on the internet - and dealing out swift retaliation is something we are particularly good at. Worry not comrades, it's time to deliver some epic ownage."

The hackers also said they had nearly three gigabytes of e-mails from the law firm that they planned to leak to the public.

"How do you think the world will react when they find out Neal Puckett and his marine buddies have been making crude jokes about the incident where marines have been caught on video pissing on dead bodies in Afghanistan?" the message says. "We believe it is time to release all of their private information and court evidence to the world and conduct a People's trial of our own."

Anonymous has a history of hacks in support of WikiLeaks and Bradley Manning, the U.S. Army soldier arrested for leaking classified information to WikiLeaks, and often releases embarrassing data stolen from hacked law enforcement and police Web sites. Earlier today, members of the group created a stir with the release of a recording of a conference call between the FBI and U.K. law enforcement over Anonymous and affiliate hackers.

Read more »