Hackers use Dropbox, WordPress to spread malware

The Chinese cyberspies behind the widely publicized espionage campaign against The New York Times have added Dropbox and WordPress to their bag of spear-phishing tricks.

The gang, known in security circles as the DNSCalc gang, has been using the Dropbox file-sharing service for roughly the last 12 months as a mechanism for spreading malware, said Rich Barger, chief intelligence officer for Cyber Squared. While the tactic is not unique, it remains under the radar of most companies.

“I wouldn’t say it’s new,” Barger said on Thursday. “It’s just something that folks aren’t really looking at or paying attention to.”

The gang is among 20 Chinese groups identified this year by security firm Mandiant thatlaunch cyberattacks against specific targets to steal information. In this case, the DNSCalc gang was going after intelligence on individuals or governments connected to the Association of Southeast Asian Nations. ASEAN is a non-governmental group that represents the economic interests of ten Southeast Asian countries.

The attackers did not exploit any vulnerabilities in Dropbox or WordPress. Instead, they opened up accounts and used the services as their infrastructure.

The gang uploaded on Dropbox a .ZIP file disguised as belonging to the U.S.-ASEAN Business Council. Messages were then sent to people or agencies that would be interested in the draft of a Council policy paper. The paper, contained in the file, was legitimate, Barger said.

When a recipient unzipped the file, they saw another one that read, “2013 US-ASEAN Business Council Statement of Priorities in the US-ASEAN Commercial Relationship Policy Paper.scr.” Clicking on the file would launch a PDF of the document, while the malware opened a backdoor to the host computer in the background.

Once the door was open, the malware would reach out to a WordPress blog created by the attackers. The blog contained the IP address and port number of a command and control server that the malware would contact to download additional software.

Dropbox is a desirable launchpad for attacks because employees of many companies use the service. “People trust Dropbox,” Barger said.

For companies that have the service on its whitelist, malware moving from Dropbox won’t be detected by a company’s intrusion prevention systems. Also, communications to a WordPress blog would likely go undetected, since it would not be unusual behavior for any employee with access to the Internet.

In general, no single technology can prevent such an attack. “There’s no silver bullet here,” Barger said.

The best prevention is for security pros to share information when their companies are targeted, so others can draw up their own defense, he said.

In The New York Times attack, the hackers penetrated the newspaper’s systems in September 2012 and worked undercover for four months before they were detected.

The attack coincided with an investigative piece the newspaper published on business dealings that reaped several billion dollars for the relatives of Wen Jiabao, China’s prime minister.

Launch of Remodeled Website by limoserviceoakland.net

Limoserviceoakland.net, a premier ground transportation provider, has recently launched their remodeled website. Their remodeled website aims to improve the user experience and offer better insight of their business model. Their remodeled website has tons of new features and user-friendly navigation structure to benefit the customers.

“Any business has to keep up with the improving technology in order to stay in the business. The basic idea behind remodeling the website was to make our services and fleet information available to the customers with utmost ease. The customers will find complete specifications and technical details with the images of the fleet in the new website for determining the profitability of the vehicle. Additionally, we have included many features that can help the customers in comparing the vehicles and choosing the best one for the tours. Of course, the best search engine optimization was also the main aspect behind the remodeling of the website.” – said Ruben, a manager of limoserviceoakland.net

They have used dynamic approach to remodel the website to make it visually appealing and informative for the customers. The remodeled website offers the benefit of accessing the required information with only a few clicks. Their remodeled website includes complete information about the services like wine tour, casino trips, airport transfers, concerts, sports events, night on the town and corporate events. Their website has dedicated pages focusing on the luxury transportation options for the occasions like wedding, birthday parties, proms, bachelor parties and bachelorette parties. Their new website has state-wise recommendation about the most popular destinations, hotels and restaurants for the benefits of the customers.

They have showcased their wide ranges of limo collection that includes Escalade Limo, Lincoln Stretch Limo, Rolls Limo, Hummer Limo, Range Rover Limo and Chrysler 300 Stretch Limo in their fleet. Some other fleet information like features available in 20 passenger party bus, 28 passenger party bus and 45 passenger party bus are also listed on their website with the high-definition images. The information about their wide range of exotic cars such as Bentley Flying Spur, Mercedes-Benz S500, Ranger Rover SUV, Rolls Royce Phantom, Ferrari and Lamborghini Gallardo are now available on their new website.

They have also included the complete information about the different tour packages and their features in the website for better understanding. The customers can now subscribe to their newsletter to know about the release of new packages, deals, services and fleet. They have also included the online vehicle reservation facility on the new website to offer the convenience of booking the most appropriate vehicle with utmost ease. The customers can visit http://www.limoserviceoakland.net to check out the new features of the remodeled website or book a limousine for tours and travels.

Facebook speeds PHP by crafting a PHP virtual machine

Social networking giant Facebook has taken another step at making the PHP Web programming language run more quickly. The company has developed a PHP Virtual Machine that it says can execute the language as much as nine times as quickly as running PHP natively on large systems.

“Our goal is to make PHP run really, really quickly,” said Joel Pobar, a Facebook engineering manager. Facebook has been using the virtual machine, called the HipHop Virtual Machine (HHVM), across all of its servers since earlier this year.

Pobar discussed the virtual machine at the O’Reilly Open Source Conference (OSCON) being held this week in Portland, Oregon.

Shares its development tools

HHVM is not Facebook’s first foray into customizing PHP for faster use. PHP is aninterpreted language, meaning that the source code is executed by the processor directly. Generally speaking, programs written in interpreted languages such as PHP tend not to run as quickly as languages, such as C or C++, that have been compiled beforehand into machine language byte code. Facebook has remained loyal to PHP because it is widely understood by many of the Web programmers who work for the company.

To keep up with the insatiable user demand, however, Facebook originally devised a compiler, called HipHop, that would translate PHP code into C++, so it then it could be compiled ahead of time for faster performance.

While Facebook enjoyed considerable performance gains of this first version of HipHop for several years, it sought other ways to speed the delivery of the dynamically created Web pages to its billion or so users. “Our performance strategy for that was going to tap out,” Pobar admitted.

HHVM is the next step for Facebook. Under development for about three years, HHVM actually works on the same principle as the Java Virtual Machine (JVM). HHVM has a just-in-time (JIT) compiler that converts the human readable source code into machine-readable byte code when it is needed. (The previous HipHop, renamed HPHPc, has now been retired within Facebook.)

This JIT approach allows the virtual machine to “make smarter decisions at runtime,” Pobar said. For instance, if a call is made to the MySQL database to read a row of data, the HHVM can, on the fly, figure out what type of data it is, such as an integer or a string. It then can generate or call code on the fly that would be best suited for handling this particular type of data.

With the old HipHop, “the best it can do is analyze the entire Facebook codebase, reason about it and then specialize code based on its reasoning. But it can’t get all of the reasoning right. There are parts of the code base that you can not simply infer about or reason about,” Pobar said.

Virtual system speedier

Pobar estimated that HHVM is about twice as fast as HPHPc was, and about nine times as fast as running straight PHP.

Facebook has posted the code for HHVM on GitHub, with the hopes that others will use it to speed their PHP websites as well.

HHVM is optimized for handling very large, and heavily used, PHP codebases. Pobar reckoned that using HHVM for standard sized websites, such as one hosting a WordPress blog, would gain only about a fivefold performance improvement.

“If you take some PHP and run it in on HipHop, the CPU execution time [may] not be the limiting factor for performance. Chances are [the system is] spending too much time talking to the database or spending too time talking to [the] memcache” caching layer, Pobar said.

Yahoo! Acquisition AdMovate, Develop Mobile Advertising Service

Internet giant head of Marissa Mayer, Yahoo!, recently rumored to re-acquire a startup working in the areas of mobile advertising, AdMovate. The umpteenth time that the acquisition by Yahoo! Yahoo! is regarded as an effort to improve service advertisements that are considered “lackluster” lately.

Yahoo! via his blog on Tumblr, has officially announced the purchase AdMovate engaged in the mobile advertising services. AdMovate parties themselves have confirmed this issue by stating that they were aimed at helping advertisers to reach consumers at the right time and place via private message certainly be provide by AdMovate.

Quoted from a news release The Next Web today (18/7), Yahoo! states that carried AdMovate personalization technology can improve the ability of Yahoo! in advertising through the mobile platform. In addition, after the acquisition of all employees AdMovate instantly brought to the Yahoo! offices are located in Silicon Valley, USA.

Marissa Mayer as CEO of Yahoo!, concerning this acquisition had expressed interest in re-focusing the Yahoo! mobile services that could be left behind. According to him, the future of Yahoo! ‘s business models will be on the mobile segment in which this segment continues to experience a significant increase, “Yahoo’s future is on the phone. So we put the products for mobile phones, “he said.

In a blog post on tumblr, Scott Burke who is SVP of Display Advertising and Advertising Technology Yahoo! said Yahoo! is now trying to focus on investments in the mobile segment, “Yahoo is currently investing more in the purchase program and advertising on mobile phones,” she called.

Description Scott was indeed not a hoax. Yahoo! is just a period of four months was reported to have acquired 10 startup that Summly, Astrid, Milewise, Loki Studios, Go Poll Go, PlayerScale, Rondee, Ghostbird Software, Tumblr, and most recently Qwiki, and it is almost entirely a startup working in the mobile field. With the acquisition AdMovate which is a provider of mobile advertising services, then shopping “wholesale” a la Yahoo! The Yahoo! could be an attempt to break through the mobile industry is growing rapidly these days.

Google’s Chromecast could throw your mobile and browser games onto your TV

Google was announced The Chromecast, a small WiFi-enabled HDMI dongle that may well prove big news for bringing mobile and browser games to your living room.

The Chromecast plugs into your television’s HDMI slot, and allows you to send content from Android and iOS devices to the TV screen via Wi-Fi, while also supporting Chromebooks, and the Chrome web browser for Mac and Windows.

The device that is connected to the Chromecast then controls everything you see on the TV. The one caveat is that mobile apps need to integrate the Googlecast SDK to be able to send content across (apps in a Chrome web browser will work via “Chrome tab projection.”)

The device costs $35, and is already available to purchase directly from the Google Play Store. Notably, the possibility of projecting mobile and browser games via the device is not mentioned on the official website, which focuses on the video and music capabilities of the device.

As such, there’s no word as-of-yet regarding whether games will be fully supported, or whether input lag will cause issues for this particular line of fire.

Revealed, Microsoft SkyDrive Allow Skype and Tapped

A document reveals how Microsoft is working with U.S. intelligence agencies to read messages from users, including helping the U.S. National Security Agency (NSA) secret unlock code Microsoft, Australia Guardian reported on Friday (07/12/2013).

Confidential documents obtained by the Guardian of Edward Snowden, U.S. intelligence whistleblowers, said the level of cooperation between Silicon Valley and American intelligence agencies in the last three years.

The document, among others, suggests, Microsoft helped the NSA to read the conversation at the new portal Outlook.com by giving the company secret code. NSA has access to Outlook.com including Hotmail before the messages are written in the form of a code (encrypted).

Microsoft is working with the FBI this year that the NSA get easier access to the data warehouse via Prism SkyDrive which has 250 million users in the world.

Microsoft is also working with the FBI to the intelligence agencies “understand” the issues that potential Outlook.com that allows users to use the e-mail alias for them.

In July last year, nine months after Microsoft bought Skype, the NSA is proud to mention that the NSA has been able to increase the amount of video that they can access through Skype as much as three times through the Prism program. The materials obtained from Prism program routinely accessed by the FBI and CIA. One of the documents referred NSA has the name “team sport”.

Snowden documents also reveal the tension between Silicon Valley and the Obama administration. Leading technology companies lobbying the government to be allowed to express the depth of their cooperation with the NSA to address customer concerns in terms of privacy.

Corporate leaders are not trying to claim that they have collaborated and worked with intelligence agencies like NSA documents mentioned in the argument that the process is carried out according to the lawsuit.

In a statement, Microsoft said, “If we increase the capacity (upgrade)-prudok and updating our products, we are not exempt from having to comply with applicable laws, both now and into the future.”

Microsoft reiterated his argument that they provide the customer data “only in response to government requests, and we only serve the demand for specific address or identity”.

Last June, the Guardian reported that the NSA claims to have “direct access” program through the Prism system leading internet companies including Microsoft, Skype, Apple, Google, Facebook, and Yahoo.

Facebook’s Balancing Act: The Good, the Bad, and the Ugly

The good news: Facebook (NASDAQ: FB  ) turned fabulously profitable in the just-reported second quarter thanks to a redesigned ad flow on mobile Facebook apps. Revenues jumped 23% from the first quarter to the second. Last year, the same comparison yielded just an 11% seasonal gain. The year-ago quarter’s net loss turned into a tidy profit.

In response, share prices jumped more than 30% overnight and sit very close to all-time highs that were set during the stock’s IPO.

The bad news: The ad assault is interfering with the user experience. A fresh survey (free registration required) from the American Customer Satisfaction Index shows Facebook dead last among online media sites in terms of user satisfaction. “Facebook users find the numerous changes to the site’s interface taxing,” says the ACSI. Twenty-seven percent of users surveyed complained that ads are ruining their Facebook experience these days.

The ugly news: The good news may not last very long. Facebook had better dial back the ad blitz if it wants those disgruntled users to stick around.

It’s a high-wire balancing act between monetization and user satisfaction. Lean too far in one direction, and you won’t make any money from those billions of page views. Err too far in the other direction, and those profitable page views will melt away as unhappy users find greener pastures.

Don’t think it couldn’t happen. Facebook is not too big to fail. Unless the company strikes that crucial balance before it’s too late, we could very well see another mass exodus from one leading social network to another.

Facebook itself killed MySpace by launching a better service in the same genre. Before that, MySpace trampled all over social pioneer Friendster in much the same way.

And there are Facebook alternatives waiting to crush the current king at the first opportunity, believe it or not.

Chief among these is Google (NASDAQ: GOOG  ) and its Google+ service, which benefits from tight integration with the world’s most popular search engine as well as with leading video site YouTube.

Twitter sings a somewhat different tune but can fill many of the functions of a Facebook account. LinkedIn (NYSE: LNKD  ) is basically Facebook for corporate users and could very well expand into the consumer side of things if it wanted to.

All of these alternatives offer fewer ads and a cleaner experience than Facebook. LinkedIn ties with Facebook at the least satisfied end of the ACSI survey; everyone else runs miles ahead. Yes, even the much-maligned Google+ “ghost town.” And even LinkedIn reports fewer ad-taint complaints than Facebook.

That’s why I’d take this week’s Facebook share-price pop as a temporary boost, and not as a sustainable clean bill of health. The service currently leans far too heavy on the monetization side of the fence and runs a very real risk of finding out that the next era of social networking doesn’t include much Facebooking.

So my bearish CAPScall on Facebook stays in place until Mark Zuckerberg and company adjust their strategy again. If you can’t keep your users happy, the money will very quickly cease to matter.

One his incredible tech stock is growing twice as fast as Google and Facebook, and more than three times as fast as Amazon.com and Apple. Watch our jaw-dropping investor alert video today to find out why The Motley Fool’s chief technology officer is putting $117,238 of his own money on the table, and why he’s so confident this will be a huge winner in 2013 and beyond. Just click here to watch!

Google Maps Can Detect Traffic Accidents

Jakarta – Google has just updated the Google Maps application with new features. This feature comes reports of traffic accidents and the number of ways to access the various facilities.
Google Maps with accident information can be used on Android and iOS based devices. Overall, this application displays maps and their reliable navigation and traffic information.
Warning about the accident will appear on the map showing traffic flow and road construction. This information is also recommended that these options are not stuck in traffic around the accident site.
Last June, Google bought Waze, the creator of popular apps that inform traffic flow. But Google has not confirmed whether Waze’s data associated with this application or not.
The new application also allows users to find out if the place you want to target viable or not. Features »Explore” display greeting cards enjoy a meal and good night.
Through these features, users can be helped with a variety of information about the place in detail. There is also a rating system that allows users to find somewhere assessment.
Google Maps with navigation devices had previously been released for the Android and iOS platform. Product Manager for Google Maps, Nobuhiro Makida, said the superior feature of this application is the My Location, search, and referrals.
“Through My Location, users can know of its existence through the map, even if the device does not have GPS,” said Makida.
Next is a local search to find a business category. While referrals are the best route to a destination, even if the user is driving, walking, or taking public transportation.
Features can indicate the distance and direction of travel time to get to the destination. The Google Maps Navigation can be run via voice commands.

Twitter Yields 25,300 Tweets ‘Royal Baby’ per Minute

London – Twitter flooded with tweets about the birth of the couple’s first child Prince William-Kate Middleton. These social media platforms stating royal baby be a global trending topic with 25,300 tweets per minute.

Peak in the global conversation on Twitter came in at 20:37 am London time, a few minutes after the official announcement of the birth holds a couple Duke and Duchess of Cambridge. Since Monday night, more than 2 million people mention news of the birth of her baby’s future king on Twitter.

According to the Hollywood Reporter, the number of royal baby tweet tweet beat 120 thousand while Andy Murray won the prestigious Wimbledon tennis match.

Residents Twitter using the hastag specifically to associate with the royal birth. Generally, they use a hashtag like # RoyalBaby, # RoyalBabyBoy, and # RoyalBabyWatch.

According to a statement Twitter, since Middleton entered the hospital Monday morning with Prince William at her side, the hashtag # RoyalBaby itself has been used more than 900 thousand times on Twitter on Monday night. Tweet about royal baby news sent from all over the world, with the highest volume of conversation coming from the United States, Britain, Canada, France, and Italy.

Google releases Chrome 28 with Blink browser engine

Google on Tuesday released Chrome 28, the first polished version of the browser to use the company’s home-grown “Blink” rendering engine. On Windows, the upgrade also sported Google’s new notification service that lets developers of Chrome apps and add-ons display messages and alerts outside the browser window.

The upgrade was the first since May 21, when Google shipped Chrome 27 and touted some minor performance improvements.

[ Also on InfoWorld: Bug bounty programs provide strong value for Google, Mozilla. | Get your websites up to speed with HTML5 today using the techniques in InfoWorld’s HTML5 Deep DivePDF how-to report. | Learn how to secure your Web browsers in InfoWorld’s “Web Browser Security Deep Dive” PDF guide. ]

Google announced in April that it was dropping the open-source WebKit browser engine — at the time also used only by Apple’s Safari — and was instead launching Blink, a WebKit variant, to power Chrome. Since then, Opera Software’s Opera has also adopted WebKit as an interim step before it eventually moves to Blink.

Google cited difficulties in adapting WebKit to Chrome, and in the first weeks after the announcement, stripped copious amounts of unnecessary-for-Chrome code from the fork that became Blink. Previously, only the rougher “Dev” and “Beta” builds of Chrome relied on the Blink engine. Users can verify that Blink is present by typing chrome://version/ in the Chrome address-search bar, dubbed the “Omnibox.”

Also included in Chrome 28 is new support for more sophisticated notifications that appear outside the browser pane and display even when the browser’s not running. “Packaged apps” — ber-Web apps that look and behave like “native” code written specifically for the underlying OS — and add-ons can push brief messages and alerts to Chrome users after their developers have enabled the feature.

Only the Windows version of Chrome 28 currently supports these next-generation notifications, but Google promised that the feature would soon make its way to OS X and Linux. On a Mac, Chrome notifications are not integrated with OS X Mountain Lion’s Notification Center.

Along with the debut of Blink and notifications, Chrome 28 contained patches for 15 security vulnerabilities, one of them rated “critical,” Google’s most serious threat ranking. According to Google’s terse security advisory, that flaw was a memory management bug — dubbed a “use-after-free” vulnerability — in the browser’s network sockets code.

But while Colin Payne, who reported the bug, received an impressive reward of $6,267.40, another researcher was handed triple that. Andrey Labunets was paid a record $21,500 for filing several vulnerability reports, including two in the Google synchronization service and an unknown number of others that Google said were “…since-fixed server-side bugs.”

That last phrase and the amount paid were clues that Labunets discovered one or more flaws in a core Google service. In April, Google boosted bounties for vulnerability reports in its core websites, services and online apps, resetting the top reward to $20,000 for remote code executable bugs, those that attackers could use to slip malicious code onto a server or into an app or site.

Labunets is no stranger to large bug bounties. Earlier this year, after reporting a string of weaknesses in Facebook’s authentication protocol, Labunets was awarded $9,500 by the social networking giant.

Altogether, Google this week paid bounties totaling $34,901 to six researchers, including Payne and Labunets, for reporting eight different bugs. Through Tuesday, the Mountain View, Calif., company has awarded nearly $250,000 thus far this year in bounties or hacking contest prizes.

Users can download Chrome 28 from Google’s website. Active users can simply let the automatic updater retrieve the new version.