Earlier this month, Symantec released patches for its PCAnywhere program, saying the patches would protect its users from hackers who have gotten control of PCAnywhere source codes. These were critical patches for Windows versions of PCAnywhere. With these patches, Symantec also admitted that some of its source code was stolen back in 2006, and it was being contacted by the Lords of Dharmaraja (a hacker group) over these stolen codes.

Symantec PCAnywhere 12.5 is the world’s leading remote access software solution. It lets you manage computers efficiently, resolve helpdesk issues quickly, and connect to remote devices simply and securely.

While the patches released by Symantec fixed known vulnerabilities, there could still be some unknown vulnerabilities, which were unpatched.

Symantec claims that the Anonymous interacted with the FBI in its negotiations, but it is unclear whom they really contacted. Some speculate it is Symantec, and they are using the FBI story as a cover up. On the other hand, the hackers have released 1.27 GB of data this Monday, and claim that there is more.

An interesting part of the conversation between Symantec and hackers reads,

We cannot pay you $50,000 at once for the reasons we discussed previously.  We can pay you $2,500 per month for the first three months.  In exchange, you will make a public statement on behalf of your group that you lied about the hack (as you previously stated).   Once that’s done, we will pay the rest of the $50,000 to your account and you can take it all out at once.  That should solve your problem. Obviously you still have our code so if we don’t follow through you still have the upper hand.

When Symantec tried to play the hacker Yama Tough, who claims to have the code, he got impatient and released the code online on 6 February. After analyzing the leaked code, Symantec has declared that it is a five-year-old code and its patches are enough to keep users safe. However, these source code leaks are unacceptable from a company that deals in security.

The list of email conversations can be found on this paste from PasteBin.

The German Government is relying on Google Chrome for the safety of its users online. It has recommended all Windows 7 users to move to Google Chrome, which offers a better sandbox protection and automatic update features. This recommendation has been put up as part of a security best practices guideline.The Germany’s Federal Office for Information Security declared Chrome to be the best browser, from a security perspective.

Google Chrome is indeed secure, and we have seen it claim wins in multiple Pwn2Own contests. It has remained unbeaten for a long time, and this is owing to the extremely secure sandbox.

In computer security, a sandbox is a security mechanism for separating running programs. The sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory.

The Germany’s Federal Office for Information Security, known as BSI in Germany, said,

Your internet browser is the key component for the use of services on the Web and thus represents the main target for cyber-attacks. By using Google Chrome in conjunction with the other measures outlined above, you can significantly reduce the risk of a successful IT attack.

Overall, this is an excellent move by the German Government to make its users secure. Germany sees a market dominated by Firefox at 51% and IE at 24%, and there are only 14.3% Google Chrome users, currently. However, this recommendation has some practical issues. Google Chrome has had issues with the Flash Player, its rapid release cycle poses problems for developers and most importantly, it puts too much of data in the hands of Google. This can raise serious privacy concerns.

The guidelines laid down by the BSI can be found here.

If you are a Google Chrome user, you must have seen how notifications work for Gmail. Google created the Desktop Notification system based on HTML5, and proposed its inclusion in the W3C web standard. The draft for the notification can be seen on this page at W3C.

Notifications is designed to allow brief messages to be sent to a user however they are connected. Somewhere between email and IM lies Notifications.

Push notifications are a way for websites to send small messages to users when the user is not on the site. iOS and Android devices already support their own push notification services.

Recently, Mozilla has brought out a similar notification system called Push Notification, using a JavaScript API. However, it has also improved on Google’s implementation, and will push notifications for all websites, irrespective of whether they are open in a tab or not. Currently, Chrome shows notifications only for websites that are open in a tab.

With this feature, Mozilla wants to bring the web-application closer to the desktop application. A similar experience on a desktop browser is a good start. Native mobile clients on Android have used push-notifications successfully, for a long time. However, the Push Notification system will also help developers send notifications to their mobile users, without investing in a separate mobile client.

You can visit the Mozilla Wiki for more technical information on notifications, or the Push Notification API in particular.

The Perl Foundation has received its seemingly largest donation of $100,000 from the Craigslist Charitable Fund. This donation will be used towards the maintenance of Perl 5. Craigslist is built mostly using Perl, and it uses many other open-source technologies.

Craigslist is so popular in its niche that it was mentioned on this episode of The Big Bang Theory, where Sheldon wants to buy Uranium, online.

The President of the Perl Foundation, Karen Pauley, expressed his gratitude to the Craigslist Charitable Fund, saying,

This generous donation will allow us to improve the Perl 5 Core and the work done with the Core Maintenance Fund, as well as sponsor a range of Perl 5 related activities through grants and initiatives already in existence and in the community.

The Perl Foundation has received heft donations earlier. Booking.com donated $50,000 to the Perl Foundation in 2008, and Liquid Web, a web hosting company donated $10,000 to the Perl Foundation in September last year. However, development of Perl has slowed down considerably over the last decade, with new versions primarily resolving bug fixes, and including minor syntax changes. This donation should be a boost for the Perl Foundation, and should help it revamp the development of the “duct tape of the Internet”.

Perl is released under the GNU GPL and the Artistic License. It is an extremely dynamic, flexible and (perhaps the most) powerful programming language. It truly deserves these donations, and much more love.

Last September, Microsoft and the Kaspersky Labs claimed a big win on the Kelihos botnet, when they took control of the infected computers. Kelihos was sending 4 billion spam messages a day, and it covers all kinds of spam including pharmaceuticals and stocks. Researchers devised an interesting mechanism to direct all the infected computers to communicate with a “sinkhole” or a computer they controlled. In spite of these stringent measures, Kelihos has started showing its face again, and very soon, its owners might regain control.

Not only has Kelihos started showing back on the radar, it is using new encryption techniques to hide its communications. A researcher at Kaspersky has also noted that two different RSA keys are being used; indicating that there might be two different groups controlling Kelihos.

Although researchers can install updates or clean up the infected computers, it is against the law in many geographical regions. A few days ago, Microsoft named Andrey N. Sabelnikov, a Russian citizen, guilty of running Kelihos. However, Russia does not allow extradition of its citizen, and he cannot be brought to a trial. Kaspersky Securelist investigated into the matter, revealing some interesting facts, like

Our investigation revealed that the new version appeared as early as September 28, right after Microsoft and Kaspersky Lab announced the neutralization of the original Hlux/Kelihos botnet.

Clearly, shutting down the Kelihos botnet will be a big challenge, and it will be interesting to see how far Microsoft and Kaspersky go in this case.

Google Maps is a wonderful worldwide mapping service. It provides excellent geographical details, and all its features are available for free, if you are a direct consumer of their mapping product, Google Maps. Google Maps also has an API for all of its mapping features like directions, traffic information and place information. However, Google has recently started charging developers for its API, and this has put it in a controversial position.

Bottin Cartographers is a provider of mapping services to many French companies, and it has been in this business for two decades. Bottin Cartographers accused Google Maps two years ago of killing competition, by offering a competitive service for free. Their argument was that Google Maps would drive out other players in this field, and then, once it captures the market with its free product, it will start charging its users. Finally, the court has ruled in favor of Bottin Cartographers, and Google has to pay a fine of 515,000 euros.

While Bottin Cartographers is only a provider of mapping services, Google has both a free Map service, and a map API for use by developers and other mapping services. However, it has recently started charging higher for its API, which gives meaning to Bottin Cartographers’ worries.

Google’s decision to increase charges for its API usage has also upset many developers, and services that used Google Maps. They are looking for Google Maps API alternatives, or considering building their own maps now.

Credit Suisse is a Swiss multinational financial company with operations in more than 50 countries. Over the last three years, it has constantly been in news for controversies of money laundering, fraudulent banking and tax evasion. This time, Credit Suisse has come under the radar of the FBI again, when a four-year-old case is seeing some development. Credit Suisse has been found guilty of fabricating bank records to hide its losses. This case is of special interest to the feds, as the hidden losses amount to half a billion dollar. Nonetheless, it is of special interest to IT professionals, because it involves tampering of data by back-office employees.

Here the fault is of two employees at Credit Suisse, who circumvented a mandatory real-time reporting system, and instead, entered falsified and manual, profit and loss figures. However, the profit and loss figures did not match the product’s business, as its value had collapsed. Computer World reports this situation, saying,

The traders, David Higgs, 42, and Salmaan Siddiqui, 36, pleaded guilty to attempting to manipulate around $3 billion in subprime mortgage-backed securities on order to reduce how bad losses looked. A large amount of the alleged activities took place in Credit Suisse’s London offices in Canary Wharf, as well as in New York.

This raises serious concern on IT practices in companies that handle critical back-office jobs. Fabricating data can disrupt the balance of cash flow across multiple channels, causing a gridlock like situation. However, an equally big concern here is that of ethics. Is it right for managers to ask employees to manipulate system data, and what should an ethical employee do to walk out of such a situation without repercussions? Do not forget to read this Stack Exchange page for some expert advice.

The Super Bowl is one of the largest sporting events in the US. This Sunday, the Super Bowl will take the Internet by storm once again, and companies will compete head on to put up their best advertisement. However, what goes on behind the scene in such mega events, go unnoticed when there are $116,666 per second worth of advertisements running to fill up the gaps.

The Super Bowl sees tightly integrated security measures. However, for the coming Super Bowl on Sunday, security has been upped considerably, and it is believed that this is the most secure Super Bowl to have happened ever! Super Bowl is already a National Special Security Event, and this video demonstrates the security measures in place, at this Super Bowl, 2012.

The technologies used by the department of Homeland Security, for this Super Bowl include, but are not limited to Mobile Gamma-ray Vehicle Scanners (can look through six inches of steel), Mobile command Center and non-exploding manhole covers. The Department of Homeland Security has built an $18 million Regional Operations Center over 76,000 square foot at Indianapolis, which will co-ordinate all federal agencies involved in the Super Bowl. Besides the mega-command center, there is another million-dollar mobile command center, which has been built by Verizon.

In addition to these measures, they have also set up a surveillance network of cameras, which can be accessed through a web address. Cameras will also be deployed on helicopters and moving vehicles.

With every passing year, the Super Bowl gets bigger and this upped security brings out the best in all law enforcement agencies. Enjoy a safe Super Bowl, this Sunday.

If you have not heard of Wayland until today, it is because Wayland has not had any public release of their display protocol. Wayland has been available at its Git repository for anyone to try it out, though finally, it will get the public release of its first version 1.0, after four years of development.

Wayland has been of special interest for many Linux enthusiasts, as it is a perfect replacement for the X Window System. The Wikipedia article on Wayland explains it in simpler language.

Wayland provides a method for compositing window managers to communicate directly with applications and to communicate directly with video and input hardware. Applications render graphics to their own buffers, and the window manager becomes the display server, compositing those buffers to form the on-screen display of application windows. This is a simpler and more efficient approach than using a compositing window manager with the X Window System.

Wayland will provide an excellent alternative for those who loath the X Window System. Fedora and Ubuntu are the two major Linux distros, which have always been interested in Wayland, and they will replace X with Wayland at the first chance. The Tizen project is also looking forward to using Wayland.

Kristian Høgsberg is the founder of Wayland, which is released under the MIT license. You can read this interview of Kristian Høgsberg for this coming FOSDEM. Wayland will be announced and released at this FOSDEM 2012, to be held in a few days.

One of the biggest problems that the Internet has faced for years, and is facing still, is spam. It is estimated that more than 90% of the total Internet traffic is email spam. The figure has come down considerably, after Microsoft hunted for and took down a number of botnets. Nonetheless, the volume of spam is still high enough, that it is a matter of concern.

Spam is so popular and widespread, there are businesses based on spam, which thrive on the naiveness of the casual Internet surfer. Most of these spammers gather personal data or credentials, using phishing attacks.

This time, all tech giants, namely Google, Microsoft, Yahoo!, PayPal, Facebook and LinkedIn are going after spammers. They have decided to verify if the email sender is indeed the actual sender. Ars Technica writes on this, claiming that SMTP is too old to, and the concept of emails has become complicated since its birth.

Although methods like SPF and DKIM  have been used in email phishing protection already, they have their limitations. Instead, these tech giants are working on a new protection scheme called DMARC.

As with SPF and DKIM, DMARC depends on storing extra information about the sender in DNS. This information tells receiving mail servers how to handle messages that fail the SPF or DKIM tests, and how critical the two tests are. The sender can tell recipient servers to reject messages that fail SPF and DKIM outright, to quarantine them somehow (for example, putting them into a spam folder), or to accept the mail normally and send a report of the failure back to the sender.

As DMARC stores extra information about the sender, it has to record all the senders, to function effectively. This makes a global rollout compulsory for DMARC to be effective in fighting spam. In the next few months, we will see how the Internet community receives DMARC and whether it is effective against spam.