Connect with us

Tech

Microsoft: SolarWinds attack took more than 1,000 engineers to create – ZDNet

Published

 on


The months-long hacking campaign that affected US government agencies and cybersecurity vendors was “the largest and most sophisticated attack the world has ever seen,” Microsoft president Brad Smith has said, and involved a vast number of developers.

The attack, disclosed by security firm FireEye and Microsoft in December, may have impacted as many as 18,000 organizations as a result of the Sunburst (or Solorigate) malware planted inside SolarWinds’s Orion network management software.   

“I think from a software engineering perspective, it’s probably fair to say that this is the largest and most sophisticated attack the world has ever seen,” Smith told CBSNews’ 60 Minutes

Microsoft, which was also breached by the bad Orion update, assigned 500 engineers to investigate the attack said Smith, but the (most likely Russia-backed) team behind the attack had more than double the engineering resources. 

“When we analyzed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks. And the answer we came to was, well, certainly more than 1,000,” said Smith. 

Among US agencies confirmed to have been affected by the attacks include the US Treasury Department, the Cybersecurity and Infrastructure Agency (CISA), The Department of Homeland Security (DHS), and the US Department of State, and the US Department of Energy (DOE)

Smith has previously raised alarm over the attack because government backed cyber attackers focusing on the technology supply chain pose a risk for the broader economy. 

“While governments have spied on each other for centuries, the recent attackers used a technique that has put at risk the technology supply chain for the broader economy,” Smith said after disclosing the attacks

He said this was an attack “on the trust and reliability of the world’s critical infrastructure in order to advance one nation’s intelligence agency.”

Smith highlighted to 60 Minutes that the attackers re-wrote just 4,032 lines of code within Orion, which consists of millions of lines of code. 

Kevin Mandia, CEO of FireEye also discussed how the attackers set off an alarm but only after the attackers had successfully enrolled a second smartphone connected to a FireEye employee’s account for its two-factor authentication system. Employees need that two-factor code to remotely sign in the company’s VPN.

“Just like everybody working from home, we have two-factor authentication,” said Mandia. 

“A code pops up on our phone. We have to type in that code. And then we can log in. A FireEye employee was logging in, but the difference was our security staff looked at the login and we noticed that individual had two phones registered to their name. So our security employee called that person up and we asked, “Hey, did you actually register a second device on our network?” And our employee said, “No. It wasn’t, it wasn’t me.”

Charles Carmakal, senior vice president and chief technology officer at FireEye’s Mandiant incident response team, previously told Yahoo News that FireEye’s security system alerted the employee and the company’s security team to the unknown device that supposedly belonged to the employee. 

The attackers had gained access to the employee’s username and password via the SolarWinds update. Those credentials allowed the attacker to enroll the device in its two-factor authentication system. 

The Orion updates weren’t the only way that companies were infiltrated during the campaign, which also involved the hackers gaining access to cloud applications. As many 30% of the organisations breached had no direct link to Solar Winds according to a report in The Wall Street Journal.

Let’s block ads! (Why?)



Source link

Continue Reading

Tech

Apple Faces UK Antitrust Investigation Into App Store – BNN

Published

 on


U.K. antitrust authorities opened a probe into Apple Inc’s app payment rules, adding to a slew of global probes examining the control the iPhone maker holds over app developers.

The Competition and Markets Authority said it will focus on how Apple forces customers to use its own payment system for in-app purchases and will weigh the company’s potentially “dominant” position in the supply of apps on iPhones and iPads.

“Complaints that Apple is using its market position to set terms which are unfair or may restrict competition and choice -– potentially causing customers to lose out when buying and using apps -– warrant careful scrutiny,” said Andrea Coscelli, who leads the CMA.

The probe adds to growing U.S. and EU antitrust scrutiny of Apple’s rules that require apps to use its own in-app payment system. Apple’s control of payments allows it to enforce a subscription fee of up to 30 per cent for some subscription fees. The Dutch competition authority is also examining whether users get a free choice of payments on phones that restrict rival contactless payment, such as Apple phones.

The investigation was partially prompted by concerns from developers, the CMA said. Epic Games Inc., the maker of the Fortnite battle game, is suing Apple in the U.S. and Australia over the issue and recently lost an attempt to pursue legal action against the Apple app stores at the U.K.’s antitrust tribunal.

The Apple probe comes as the U.K. watchdog seeks to move to the forefront of tech regulation after emerging from the shadow of European Union regulators at the end of Britain’s Brexit transition. It is preparing to set up a tech-focused unit and has warned that the largest companies will face extra scrutiny of everything from mergers to monopoly behavior.

Apple said in a statement that it looks forward to working with the CMA to “to explain how our guidelines for privacy, security and content have made the App Store a trusted marketplace for both consumers and developers.”

The investigation “shows the impact of Brexit,” said Damien Geradin, a lawyer representing some of the developers that filed complaints. “It gives a lot of freedom to the CMA, which now doesn’t need authorization” from the EU, he said.

Geradin said that while the CMA probe was likely to focus on in-app purchases, the regulators may broaden the scope to consider issues such as why Apple only allows one app store on its devices.

Let’s block ads! (Why?)



Source link

Continue Reading

Tech

‘RIP SN10’: SpaceX rocket goes up in flames after landing – Al Jazeera English

Published

 on


Starship rocket SN10 blows up eight minutes after appearing to nail landing, the third prototype to be destroyed.

The third time appeared to be the charm for Elon Musk’s Starship prototype rocket, until it wasn’t.

The rocket soared into the sky in a high-altitude test on Wednesday from Boca Chica in Texas, then flew itself back to Earth and manoeuvred into its first – successful – upright landing.

But the triumph was short-lived.

“A beautiful soft landing,” a SpaceX commentator said during a live broadcast of the test flight, as an automated fire-suppression system trained a stream of water on flames still burning at the base of the rocket.

About eight minutes later it blew itself to pieces, lurching into the air and crashing back to the ground.

There was no immediate explanation for what went wrong.

SN10 was the third Starship to be destroyed in a fireball although it came far closer to achieving a safe, vertical touchdown than two previous models – SN8 in December and SN9 in February. The rocket is being developed by SpaceX to carry people and cargo on future missions to the Moon and Mars.

For Elon Musk, the billionaire SpaceX founder who also heads the electric carmaker, Tesla, the outcome was mixed news.

This screengrab made from SpaceX’s live webcast shows the Starship SN10 prototype as it prepares to land during the second attempted test flight of the day [Jose Romero/SpaceX via AFP]

In a tweet responding to tempered congratulations from an admirer of his work, Musk replied, “RIP SN10, honorable discharge.”

The video feed provided by SpaceX on the company’s YouTube channel cut off moments after the landing. But separate fan feeds streamed over the same social media platform showed an explosion suddenly erupting at the base of the rocket, hurling the SN10 into the air before it crashed to the ground and became engulfed in flames.

The complete Starship rocket, which will stand 394-feet (120 metres) tall when connected with its super-heavy first-stage booster, is SpaceX’s next-generation fully reusable launch vehicle – the centre of Musk’s ambitions to make human space travel more affordable and routine.

The first orbital Starship flight is planned for year’s end.

On Wednesday, Japanese billionaire and online fashion tycoon Yusaku Maezawa, who paid an undisclosed sum for a SpaceX lunar spaceship trip, invited eight people from around the world to join him.

The Starship tests take place in a nearly deserted area leased by SpaceX in southern Texas near the border with Mexico and the Gulf of Mexico.

Let’s block ads! (Why?)



Source link

Continue Reading

Tech

Google Chrome: It's time to ditch the browser – ZDNet

Published

 on


Google Chrome is the most-used browser on the internet. The browser rose to fame as an alternative to slow, sluggish incumbents — Internet Explorer and Safari. But Google Chrome has become the new leader, and as a result has itself become the sluggish incumbent.  

It became the thing we hated. We created a monster.

It’s time for a change.

Also: Actively exploited Chrome browser zero-day vulnerability patched

I don’t say this lightly.

Over the past few months, I’ve been testing browsers, examining things like performance, memory usage, battery usage, and overall feel of using the browser.

I know that picking the “best” browser is a personal and potentially controversial thing. It’s a bit like asking whose Mom makes the best apple pie (mine, of course), or whether it’s cats or dogs that rule (cats, because dogs are just a rubbish, attention-seeking kind of cat).

The answers are personal. Specific to the individual use case.

But, with that said, I can still come up with a number of good reasons to dump Chrome.

Power usage

If your device is powered by a battery, then you’re best using the stock browser.

On Windows, that is Edge, and on Mac and iOS that’s Safari. Both have been highly tuned to the platform they are running on and offer the best battery life and thermal performance possible.

Yes, you can tweak and fiddle with Chrome to make things better, but better is still far from best.

Also: Google is really annoyed you’re using Microsoft Edge

When I switched from Chrome to Safari on my daily driver MacBook Pro, I was getting over an hour of extra battery life, which is a very significant gain.

Switching to Safari on the iPhone also got me significantly better battery life, but it’s harder to measure since the browser isn’t the main focus of my day on that platform.

For the best possible battery and power performance, use the stock browser.

Period.

Operating system optimizations

One of the great “selling” points of Google Chrome is that you get a streamlined, consistent experience across all the platforms you are using.

That’s nice for sure, but after using Edge and Safari on their respective platforms for a few weeks, I was surprised to find how clunky that experience actually is, compared to the stock browser.

It’s hard to put it into words, but Safari on Mac or Edge on Windows feel like an extension of the operating system. It’s a smoother transition between the OS and the browser. Coming back to Chrome suddenly felt clumsy (and this is when I also noticed the sluggish performance the most).

Having a choice

Google Chrome is a great tool for Google to slurp up a lot of data, both to find out how people use the internet and also things like passwords and payment details to keep us locked into the ecosystem.

While I’m not paranoid about my data, I’m a fan of having a choice over where my data is stored and how it’s used, and what companies I choose to work with, and being able to pick and choose what works best for me, not what is convenient.

The big exception

And that is Android. Here Google Chrome is the winner. I’ve played with other browsers on this platform, but Chrome is the one that works best. It is, after all, the stock browser, and as such as been tweaked to give the best performance.

What browser do you use? Why do you use it? When was the last time you tried a different browser?

ZDNet Recommends

Let’s block ads! (Why?)



Source link

Continue Reading

Trending