nuevos rootkit incorporados en los productos Sony

La compañía de seguridad informática F-Secure escribe en su blog que las memorias flash USM-F de Sony, con lector incorporado de huellas digitales instalan una carpeta oculta en el disco duro del usario.

La carpeta en cuestión contiene archivos que gestionan la autenticación del reconocimiento de huellas digitales, pero que también puede ser usado para almacenar y ejecutar código maligno.

“Si Sony sólo ocultara sus propios archivos, nadie protestaría. Sin embargo, el sistema también puede ser usado para ocultar malware", declara el investigador jefe de F-Secure, Mikko Hypponen.

Peligros ocultos
Un “rootkit" es una herramienta que permite incrustar código de todo tipo en las profundidades del sistema operativo. El propósito es ocultar ante el usuario la existencia de una serie de archivos y programas (en este caso, los archivos que impiden la reproducción no autorizada y copia del CD).

Un rootkit en sí no es perjudicial, pero a menudo es usado para ocultar malware en máquinas infectadas. Por lo mismo, representa un grave riesgo de seguridad.

Fácil de explotar
Hacia fines de 2005 Sony causó gran molestia en el sector tecnológico al instalar un rootkit como protección anticopia en CD de música de Sony BMG.

El escándalo fue un hecho cuando dos semanas después comenzaron a circular troyanos que aprovechaban el rootkit. Sony se vio luego envuelta en una serie de querellas y demandas de indemnización.

F-Secure considera que el nuevo riesgo de seguridad relacionado con las memorias flash de Sony es igual de serio.

“Es fácil explotar el rootkit", indica Hypponen.

F-Secure asegura haber informado a Sony sobre el problema de seguridad que representa su nuevo rootkit. Por ahora, Sony ha negado comentar la situación.

Fuentes: F-Secure / e Infoworld. y DiarioTI

Paramount y DreamWorks escogen el formato HD-DVD

La productora norteamericana Paramount Pictures y Dreamworks Animation han anunciado que lanzarán sus películas únicamente en el formato HD-DVD. Este compromiso de exclusividad incluirá a todas las películas distribuidas por Paramount Pictures, DreamWorks, Paramount Vantage, Nickelodeon Movies, MTV Films y Paramount Home.

Las compañías han hecho oficial el anuncio de exclusividad tras realizar un exhaustivo estudio de mercado del sector de la tecnología audiovisual de Alta Definición.

Para Pablo Romero, director de Marketing de Toshiba en España, “se trata de una decisión muy importante para el formato HD-DVD debido, no sólo a la calidad y cantidad de títulos de estas compañías, sino también a que está basada en un minucioso estudio de las ventajas e inconvenientes tecnológicos y una vez más se ha demostrado la mejor calidad y, además, a menor precio de la tecnología que lideramos".

Nuevas soluciones de seguridad preparadas por Kaspersky

os resultados de crecimiento obtenidos por Kaspersky Lab durante los dos años de trabajo conjunto con Micrones significan la consolidación de la firma rusa en el mercado retail español.

Micronet y Kaspersky Lab han trabajado durante meses y están satisfechas con los productos que lanzarán en breve al mercado de consumo. Los usuarios de antivirus y suite de seguridad encontrarán en la versión 7.0 el equilibrio entre el nivel de detección y el consumo de recursos, con mejoras basadas en tecnología de defensa “Triple Protección".

Kaspersky Antivirus 7.0 y Kaspersky Internet Security 7.0, representan los productos estrella de la nueva generación de Kaspersky y estarán disponibles en el mercado a partir del 18 de septiembre del presente año.

Inside DCSNet, the FBI's Nationwide Eavesdropping Network

Surveillance System Lets FBI Play Back Recordings as They Are Captured, Like TiVo

The FBI has quietly built a sophisticated, point-and-click surveillance system that performs instant wiretaps on almost any communications device, according to nearly a thousand pages of restricted documents newly released under the Freedom of Information Act.

The surveillance system, called DCSNet, for Digital Collection System Network, connects FBI wiretapping rooms to switches controlled by traditional land-line operators, internet-telephony providers and cellular companies. It is far more intricately woven into the nation's telecom infrastructure than observers suspected.

It's a "comprehensive wiretap system that intercepts wire-line phones, cellular phones, SMS and push-to-talk systems," says Steven Bellovin, a Columbia University computer science professor and longtime surveillance expert.

Slideshow

Snapshots of the FBI Spy Docs

DCSNet is a suite of software that collects, sifts and stores phone numbers, phone calls and text messages. The system directly connects FBI wiretapping outposts around the country to a far-reaching private communications network.

Many of the details of the system and its full capabilities were redacted from the documents acquired by the Electronic Frontier Foundation, but they show that DCSNet includes at least three collection components, each running on Windows-based computers.

The $10 million DCS-3000 client, also known as Red Hook, handles pen-registers and trap-and-traces, a type of surveillance that collects signaling information -- primarily the numbers dialed from a telephone -- but no communications content. (Pen registers record outgoing calls; trap-and-traces record incoming calls.)

DCS-6000, known as Digital Storm, captures and collects the content of phone calls and text messages for full wiretap orders.

A third, classified system, called DCS-5000, is used for wiretaps targeting spies or terrorists.

What DCSNet Can Do

Together, the surveillance systems let FBI agents play back recordings even as they are being captured (like TiVo), create master wiretap files, send digital recordings to translators, track the rough location of targets in real time using cell-tower information, and even stream intercepts outward to mobile surveillance vans.

FBI wiretapping rooms in field offices and undercover locations around the country are connected through a private, encrypted backbone that is separated from the internet. Sprint runs it on the government's behalf.

The network allows an FBI agent in New York, for example, to remotely set up a wiretap on a cell phone based in Sacramento, California, and immediately learn the phone's location, then begin receiving conversations, text messages and voicemail pass codes in New York. With a few keystrokes, the agent can route the recordings to language specialists for translation.

The numbers dialed are automatically sent to FBI analysts trained to interpret phone-call patterns, and are transferred nightly, by external storage devices, to the bureau's Telephone Application Database, where they're subjected to a type of data mining called link analysis.

FBI endpoints on DCSNet have swelled over the years, from 20 "central monitoring plants" at the program's inception, to 57 in 2005, according to undated pages in the released documents. By 2002, those endpoints connected to more than 350 switches.

Today, most carriers maintain their own central hub, called a "mediation switch," that's networked to all the individual switches owned by that carrier, according to the FBI. The FBI's DCS software links to those mediation switches over the internet, likely using an encrypted VPN. Some carriers run the mediation switch themselves, while others pay companies like VeriSign to handle the whole wiretapping process for them.

The numerical scope of DCSNet surveillance is still guarded. But we do know that as telecoms have become more wiretap-friendly, the number of criminal wiretaps alone has climbed from 1,150 in 1996 to 1,839 in 2006. That's a 60 percent jump. And in 2005, 92 percent of those criminal wiretaps targeted cell phones, according to a report published last year.

These figures include both state and federal wiretaps, and do not include antiterrorism wiretaps, which dramatically expanded after 9/11. They also don't count the DCS-3000's collection of incoming and outgoing phone numbers dialed. Far more common than full-blown wiretaps, this level of surveillance requires only that investigators certify that the phone numbers are relevant to an investigation.

The Justice Department reports the number of pen registers to Congress annually, but those numbers aren't public. According to the last figures leaked to the Electronic Privacy Information Center, judges signed 4,886 pen register orders in 1998, along with 4,621 time extensions.

CALEA Switches Rules on Switches

The law that makes the FBI's surveillance network possible had its genesis in the Clinton administration. In the 1990s, the Justice Department began complaining to Congress that digital technology, cellular phones and features like call forwarding would make it difficult for investigators to continue to conduct wiretaps. Congress responded by passing the Communications Assistance for Law Enforcement Act, or CALEA, in 1994, mandating backdoors in U.S. telephone switches.

CALEA requires telecommunications companies to install only telephone-switching equipment that meets detailed wiretapping standards. Prior to CALEA, the FBI would get a court order for a wiretap and present it to a phone company, which would then create a physical tap of the phone system.

With new CALEA-compliant digital switches, the FBI now logs directly into the telecom's network. Once a court order has been sent to a carrier and the carrier turns on the wiretap, the communications data on a surveillance target streams into the FBI's computers in real time.

The Electronic Frontier Foundation requested documents on the system under the Freedom of Information Act, and successfully sued the Justice Department in October 2006.

In May, a federal judge ordered the FBI to provide relevant documents to the EFF every month until it has satisfied the FOIA request.

"So little has been known up until now about how DCS works," says EFF attorney Marcia Hofmann. "This is why it's so important for FOIA requesters to file lawsuits for information they really want."

Special Agent Anthony DiClemente, chief of the Data Acquisition and Intercept Section of the FBI's Operational Technology Division, said the DCS was originally intended in 1997 to be a temporary solution, but has grown into a full-featured CALEA-collection software suite.

"CALEA revolutionizes how law enforcement gets intercept information," DiClemente told Wired News. "Before CALEA, it was a rudimentary system that mimicked Ma Bell."

Privacy groups and security experts have protested CALEA design mandates from the start, but that didn't stop federal regulators from recently expanding the law's reach to force broadband internet service providers and some voice-over-internet companies, such as Vonage, to similarly retrofit their networks for government surveillance.

New Technologies

Meanwhile, the FBI's efforts to keep up with the current communications explosion is never-ending, according to DiClemente.

The released documents suggest that the FBI's wiretapping engineers are struggling with peer-to-peer telephony provider Skype, which offers no central location to wiretap, and with innovations like caller-ID spoofing and phone-number portability.

But DCSNet seems to have kept pace with at least some new technologies, such as cell-phone push-to-talk features and most VOIP internet telephony.

"It is fair to say we can do push-to-talk," DiClemente says. "All of the carriers are living up to their responsibilities under CALEA."

Matt Blaze, a security researcher at the University of Pennsylvania who helped assess the FBI's now-retired Carnivore internet-wiretapping application in 2000, was surprised to see that DCSNet seems equipped to handle such modern communications tools. The FBI has been complaining for years that it couldn't tap these services.

The redacted documentation left Blaze with many questions, however. In particular, he said it's unclear what role the carriers have in opening up a tap, and how that process is secured.

"The real question is the switch architecture on cell networks," said Blaze. "What's the carrier side look like?"

Randy Cadenhead, the privacy counsel for Cox Communications, which offers VOIP phone service and internet access, says the FBI has no independent access to his company's switches.

"Nothing ever gets connected or disconnected until I say so, based upon a court order in our hands," Cadenhead says. "We run the interception process off of my desk, and we track them coming in. We give instructions to relevant field people who allow for interconnection and to make verbal connections with technical representatives at the FBI."

The nation's largest cell-phone providers -- whose customers are targeted in the majority of wiretaps -- were less forthcoming. AT&T politely declined to comment, while Sprint, T-Mobile and Verizon simply ignored requests for comment.

Agent DiClemente, however, seconded Cadenhead's description.

"The carriers have complete control. That's consistent with CALEA," DiClemente said. "The carriers have legal teams to read the order, and they have procedures in place to review the court orders, and they also verify the information and that the target is one of their subscribers."

Cost

Despite its ease of use, the new technology is proving more expensive than a traditional wiretap. Telecoms charge the government an average of $2,200 for a 30-day CALEA wiretap, while a traditional intercept costs only $250, according to the Justice Department inspector general. A federal wiretap order in 2006 cost taxpayers $67,000 on average, according to the most recent U.S. Court wiretap report.

What's more, under CALEA, the government had to pay to make pre-1995 phone switches wiretap-friendly. The FBI has spent almost $500 million on that effort, but many traditional wire-line switches still aren't compliant.

Processing all the phone calls sucked in by DCSNet is also costly. At the backend of the data collection, the conversations and phone numbers are transferred to the FBI's Electronic Surveillance Data Management System, an Oracle SQL database that's seen a 62 percent growth in wiretap volume over the last three years -- and more than 3,000 percent growth in digital files like e-mail. Through 2007, the FBI has spent $39 million on the system, which indexes and analyzes data for agents, translators and intelligence analysts.

Security Flaws

To security experts, though, the biggest concern over DCSNet isn't the cost: It's the possibility that push-button wiretapping opens new security holes in the telecommunications network.

More than 100 government officials in Greece learned in 2005 that their cell phones had been bugged, after an unknown hacker exploited CALEA-like functionality in wireless-carrier Vodafone's network. The infiltrator used the switches' wiretap-management software to send copies of officials' phone calls and text messages to other phones, while simultaneously hiding the taps from auditing software.

The FBI's DiClemente says DCSNet has never suffered a similar breach, so far as he knows.

"I know of no issue of compromise, internal or external," DiClemente says. He says the system's security is more than adequate, in part because the wiretaps still "require the assistance of a provider." The FBI also uses physical-security measures to control access to DCSNet end points, and has erected firewalls and other measures to render them "sufficiently isolated," according to DiClemente.

But the documents show that an internal 2003 audit uncovered numerous security vulnerabilities in DCSNet -- many of which mirror problems unearthed in the bureau's Carnivore application years earlier.

In particular, the DCS-3000 machines lacked adequate logging, had insufficient password management, were missing antivirus software, allowed unlimited numbers of incorrect passwords without locking the machine, and used shared logins rather than individual accounts.

The system also required that DCS-3000's user accounts have administrative privileges in Windows, which would allow a hacker who got into the machine to gain complete control.

Columbia's Bellovin says the flaws are appalling and show that the FBI fails to appreciate the risk from insiders.

"The underlying problem isn't so much the weaknesses here, as the FBI attitude towards security," he says. The FBI assumes "the threat is from the outside, not the inside," he adds, and it believes that "to the extent that inside threats exist, they can be controlled by process rather than technology."

Bellovin says any wiretap system faces a slew of risks, such as surveillance targets discovering a tap, or an outsider or corrupt insider setting up unauthorized taps. Moreover, the architectural changes to accommodate easy surveillance on phone switches and the internet can introduce new security and privacy holes.

"Any time something is tappable there is a risk," Bellovin says. "I'm not saying, 'Don't do wiretaps,' but when you start designing a system to be wiretappable, you start to create a new vulnerability. A wiretap is, by definition, a vulnerability from the point of the third party. The question is, can you control it?"

El secreto del traje del Hombre Araña

Gracias a BBC Mundo Ciencia

Muy pronto no sólo el Hombre Araña podrá escalar paredes y edificios.

Científicos italianos dicen haber descubierto la fórmula para crear un traje que permitiría a su usuario escalar muros verticales como lo hace Peter Parker.

El secreto, publicado en la revista Journal of Physics: Condensed Matter, está basado en la tecnología que usan las arañas y las lagartijas para adherirse a las superficies.

"Estamos en el inicio hacia la realización del traje del Hombre del Araña" dijo a BBC Ciencia el profesor Nicola Pugno, ingeniero y físico del Politécnico de Turín, quien llevó a cabo la investigación.

"Y hemos llegado hasta aquí utilizando los mismos principios de la tecnología natural de las arañas y lagartijas, las llamadas fuerzas de van der Waals", agrega el experto.

Las de van der Waals son las fuerzas de estabilización molecular, es decir la atracción que las moléculas tienen entre sí cuando se les coloca muy de cerca.

En el caso de arañas y lagartijas esta atracción se produce con descargas eléctricas alrededor de las moléculas de miles de millones de pequeños filamentos o "cabellos" en la pata del animal.

Soporte

"Investigaciones previas demostraron que las fuerzas de van der Waals que pueden activar las lagartijas y arañas pueden resultar en una adhesión muy fuerte en las superficies" explica el profesor Pugno.

"Pero el problema que teníamos era cómo trasladar estas propiedades del tamaño de una araña al tamaño de un ser humano", agrega.

Se sabe que las lagartijas son capaces de adherirse a superficies sosteniendo cientos de veces su propio peso.

Pero se pensaba que esta forma natural de adhesión no podría ser suficientemente fuerte para soportar el peso de un ser humano.

Ahora, sin embargo, el profesor Pugno y su equipo calcularon cómo se puede generar suficiente adherencia para soportar el peso de un adulto humano.

"El principal obstáculo es que entre más grande la superficie de contacto, más pequeña es la fuerza de adhesión", explica Pugno.

Por ejemplo, un guante cubierto de "cabellos" de lagartija colocado en la mano de un hombre no será tan adherente como la pata de uno de estos animales.

"Afortunadamente logramos solucionar el problema cuando nos dimos cuenta de que tanto las lagartijas como las arañas sólo usan una fracción de la capacidad de adhesión que tienen disponible por medio de las fuerzas de van der Waals", afirma el científico.

Otros investigadores afirman, teóricamente, que debido a la fuerza acumulativa de atracción la lagartija puede tener una fuerza de adherencia hasta 200 veces más alta que la que utilizan.

"Es por eso que si logramos producir una superficie de contacto que sea más fuerte que la adherencia que se necesita, podremos crear un traje con el mismo poder de adherencia que una lagartija", dice Pugno.

Para esto, los científicos proponen el uso de nanotubos de carbono como una alternativa artificial de los "cabellos" de la lagartija.

Los nanotubos de carbono son pequeñísimos cilindros de carbono ultraresistentes que miden unas cuantas milmillonésimas de metro de diámetro.

Ventanas y rascacielos

Tal como explica el investigador italiano, el futuro traje del Hombre Araña deberá tener varias propiedades.

Lo primero, obviamente, es que debe ser capaz de adherirse con fuerza a cualquier superficie.

En segundo lugar, el traje necesitará despegarse con facilidad de la superficie una vez que ha hecho contacto con ésta.

Y en tercer lugar el traje de Hombre Araña deberá ser impermeable y capaz de auto lavarse.

"Éste es un requisito indispensable porque las partículas de polvo y suciedad podrían entorpecer la capacidad de adherencia del traje", dice Nicola Pugno.

Tanto los ganchos y cabellos de las patas de arañas y lagartijas son auto lavables e impermeables.

El traje deberá también tener estas propiedades para poder utilizarlo bajo la nieve o lluvia, sobre superficies sucias e incluso para que pueda resistir los ambientes más extremos del planeta, incluido el espacio y las aguas profundas.

Según el científico el traje del Hombre Araña, que podría estar listo en unos 10 años, podrá tener muchas aplicaciones interesantes.

"Creemos que podrá ser usado para la exploración del espacio", dice el investigador.

"Pero también podrá tener aplicaciones más triviales como el diseño de guantes y zapatos para la gente que limpia ventanas en rascacielos".

The Future of the Workplace: No Office, Headquarters in Cyberspace

I find this article , and i think is very interesting that we can read it.

Extract From http://abcnews.go.com/WN/story?id=3521725&page=1

Some Companies Don't Care Where Workers Are as Long as They Get the Job Done

By BETSY STARK
ABC NEWS Business Correspondent
Aug. 27, 2007

Imagine a work world with no commute, no corporate headquarters and perhaps not even an office in the physical world at all.

For Bob Flavin, a computer scientist at IBM; Janet Hoffman, an executive at a management consulting firm; and Joseph Jaffe, a marketing entrepreneur, the future is already here.

Watch the full report from Betsy Stark tonight on "World News with Charles Gibson" at 6:30 p.m. EDT.

"These days we do so much by teleconference it really doesn't matter where you are," Flavin said.

Like 42 percent of IBM's 350,000 employees, Flavin rarely comes in to an IBM office.

"We don't care where and how you get your work done," said Dan Pelino, general manager of IBM's global health care and life sciences business. "We care that you get your work done."

IBM says it saves $100 million a year in real estate costs because it doesn't need the offices.

Head to Work, in Cyberspace

On the day we met Flavin, he was collaborating with computer scientists in British Columbia and Beijing from the on-call room of the local ambulance corps where he works as a volunteer.

The work force at the Accenture management consulting firm is so mobile not even the CEO has an office with his name on the door.

With no corporate headquarters, if you need a work space, you reserve it like a hotel room — checking in and out at a kiosk.

"Having a big desk as a sign of status with lots of family photos and you know, carpeting that's fluffy and nice, that is a vision of the past," said Hoffman, executive vice president of Accenture.

In the future, more companies with scattered work forces and clients may do what the marketing firm Crayon is doing: making its headquarters in cyberspace.

Crayon's workers rarely meet in the physical world — some are in Boston, others are in Nutley, N.J. — but their online alter egos in the virtual world gather once a week.

We never met Crayon's CEO in person but we spent a couple of hours together in cyberspace.

"Our belief is if we bring like minds together no matter where they are in the world we can actually create that connectedness as if we're actually at the same place at the same time," said Jaffe, Crayon's CEO.

Maintaining a community is essential at IBM, where Pelino said isolation is a "significant" issue. There's even a joke at the company that the name stands for "I'm by Myself."

"The casual meeting of colleagues in the cafeteria or at the water cooler is actually quite valuable and something you find you eventually miss when working at home," Flavin said. "We actually have to deliberately schedule some common lunches to make sure that we keep in contact." The company has also started to organize spirit clubs to foster a community. As Pelino put it, "You have to create these types of venues where you bring people together and magical things start to happen."

GPS Nokia 500 Auto Navigation

Además de los accesorios para móvil Nokia también nos presenta una solución para coche, el Nokia 500 Auto Navigation, un GPS con manos libres integrado.

Gracias a la conectividad Bluetooth el Nokia 500 permite realizar y contestar llamadas a través de un móvil compatible, pudiendo buscar los contactos de la agenda por su generosa pantalla panorámica de 4,3”, mientras que el sistema Digital Signal Processing (DSP) garantiza la calidad del audio.

Para la navegación dispone de un GPS de alta sensabilidad, instrucciones por voz y el software Nokia Maps, con la información de los puntos de interés, que gracias a la integración con el móvil pone a nuestra disposición los teléfonos y direcciones de contacto de cada uno de ellos.

Tampoco le falta capacidad de entretenimiento para los largos viajes, con reproducción de música y vídeo y acceso a la radio del coche (esto último no disponible en todos los países). Estará disponible en el último trimestre del año a un precio estimado de 300 euros más impuestos.