Kaspersky: Stuxnet Worm Has Nation-State Support

The Stuxnet worm, which we covered in two previous articles, is continuing to make headlines. Sophisticated malwares are nothing new. Just last year, we saw the Conflicker, which used exceptionally smart techniques to avoid disinfection. However, Stuxnet is a different beast all together.

“I think that this is the turning point, this is the time when we got to a really new world, because in the past there were just cyber-criminals, now I am afraid it is the time of cyber-terrorism, cyber-weapons and cyber-wars,” said Eugene Kaspersky, co-founder and chief executive officer of Kaspersky Lab.

The worm has been confirmed to have caused extensive damage to Iran’s nuclear facilities, and is being currently analyzed by US security organisations. It has also been found in Siemens systems in India, Indonesia, Pakistan and elsewhere. Stuxnet is unique because of its ability to identify a facility’s control network and wreck it. “This malicious program was not designed to steal money, send spam, grab personal data, no, this piece of malware was designed to sabotage plants, to damage industrial systems”, stated Eugene Kaspersky.

The origin and exact purpose of Stuxnet is still a mystery. “One of our hardest jobs is attribution and intent,” said Sean McGurk, director of the National Cybersecurity and Communications Integration Center (NCCIC). The worm, which exploits four separate 0-day (previously unknown) vulnerabilities, is being dubbed as a working and fearsome prototype of a cyber-weapon.

Tethering – Yet Another Feature You Won’t Find in Windows Phone 7

Make no mistake about it, the Windows Phone 7 launch is a make or break situation for Microsoft. If the technology giant wishes to remain competitive in the mobile segment, Windows Phone 7 has to impress. Otherwise, it might be too late.

Windows-Phone-7Unfortunately, when it comes to alluring power users with impressive features, Windows Phone 7 already appears to be falling short of the mark. Microsoft has already confirmed that WP7 won’t ship with copy-paste support. Now, a Microsoft spokesperson has confirmed that Windows Phone 7 won’t support tethering either. The revelation is bound to disappoint many who had got their hopes up after Brandon Watson, director of developer experience for Windows Phone 7, had hinted that Microsoft will support this consumer friendly feature that enables sharing of phone’s internet connection with laptops and other devices.

Windows Phone 7 definitely caught our eye when it was launched with its innovative interface and presentation. However, the big question is, is it the new Vista or the new Windows 7? Is Windows Phone 7 all show or does it have substance?

Sony Ericsson Decides To Dump Symbian, Will Use Android and Windows Phone 7

Sony-EricssonSymbian – the dominant smart phone operating system, is on its way out, and it seems that everyone but Nokia realizes this. We have no plans for the time being to develop any new products to the Symbian Foundation standard or operating system,Aldo Liguori, a spokesman for Sony Ericsson informed Bloomberg.

The revelation isn’t really surprising, given that Sony Ericsson has been investing heavily in the Android platform. Its current flagship device – the Xperia X10, as well as other smartphones like the Xperia X10 Mini, Xperia X10 Mini Pro and Xperia X8 all run on Android. Multimedia oriented Satio and Vivaz are the only high end handsets from Sony Ericsson that are powered by Symbian.

While Android will remain the main focus of Sony Ericsson, it will also launch Windows Phone 7 powered handsets. Speaking to a Swedish news outlet, Sony Ericsson’s CTO, Jan Uddenfeldt said, Android is definitely our focus, but we have not given up on Microsoft’s Windows Mobile operating system, although it had a bit slow to take off. But Windows 7 Phone is on the roadmap. However, we have at present no plans for new products with Symbian.

The move to drop Symbian and focus on Android is a smart one, since Sony Ericsson has been struggling to keep up with Google’s rapid release cycle. It is one of the few handset manufacturers that is yet to ship Android 2.1, which was released last year.

With Sony Ericsson pulling out, Nokia is now the only major manufacturer that will continue using Symbian on high-end devices. Nevertheless, the Finnish giant is also likely to adopt Microsoft’s new Windows Phone 7 smart phone OS.

Orkut Gets Flooded with ‘Bom Sabado’ Scraps

If you are amongst the few who still give a damn about Orkut, you might have noticed something fishy going on over the past few hours. A large number of users are randomly flooding their friend’s scrapbooks (Orkut’s equivalent of Facebook Wall) with the following message:

Orkut-Hack-Bom-Sabado

It doesn’t take a genius to figure out that the “Bom Sabado!” messages are automatically generated by a script. However, it is not clear if this is simply a script exploiting vulnerability in Orkut, or have the accounts sending the automated scraps been compromised.

If you are amongst those affected, it’s highly recommended that you follow the steps highlighted below:

  • Switch to the “older version” of Orkut.
  • Log out of Orkut.
  • Clean your browser’s cache and cookies.
  • Log in and change your password and security question.

If you haven’t been affected yet, it is strongly advised that you avoid Orkut until the issue has been resolved. I managed to trigger the same exploit while researching this article. Recently other high profile websites like Twitter and YouTube also fell victim to XSS attacks.

This is a developing story; we will update this topic as soon as we learn more. In the meanwhile, stay tuned to Techie Buzz and don’t forget to share your experience, if you have also been affected.

Update 1: The worm appears to have originated in Brazil, where Orkut is still exceptionally popular. Many of the affected users are noticing the Brazilian flag on their status messages. Additionally, the word ‘Bom Sabado’ means ‘Good Saturday’ in Portuguese, which is the official language of Brazil. We are still awaiting an official response from Google.
Update 2: ‘Bom Sabado’ is now trending on Google.

Bom-Sabado

Update 3: Google has finally responded. An update posted on the official forum claims that the ‘Bom Sabado’ bug has been contained.

We’ve contained the “Bom Sabado” virus and have identified the bug that allowed this and have fixed it.
We’re currently working on restoring the affected profiles.

However, we are seeing new variants of the worm (such as ORKUT 3XPL0!T5) appear, which suggests that the underlying vulnerability is yet to be plugged.

Update 4: Google has officially confirmed that the attack did not lead to any compromised user account information. For more information check our follow-up post.

Kaspersky: Opera’s Community Website Is Being Used to Distribute Malware

MyOpera – Opera’s official community website, is being misused to distribute malwares, according to a researcher at Kaspersky Labs.

My-OperaThe Norwegian browser maker allows anyone to sign up and host photos, upload files, publish blogs, participate in discussions and more at myOpera. Unfortunately, the ease of creating an account is being exploited by malware developers to host PHP based IRC botnets on myOpera.

In the recent past, malwares were discovered on Mozilla and Google Code’s servers also. Although I am still awaiting an official response from Opera regarding the security measures they currently have in place, by Kaspersky’s own admission, the problem isn’t very widespread. Dmitry Bestuzhev, the expert from Kaspersky who made the discovery, has so far found less than hundred malwares hosted on myOpera, which has more than 5 million registered members.

Incidents like this goes on to prove that staying careful alone can’t always protect you. XSS vulnerabilities in popular websites like Twitter and YouTube, HTML injection attacks in popular blogs and untrusted files on community websites like myOpera are just some of the techniques being used by malware creators to fool even savvy internet users.

Sony Ericsson Xperia X12 – 1.5 Ghz Processor and Android 2.2

According to the word going around, Sony Ericsson is currently working on the successor to the Xperia X10. The device, which goes by the codename Cliaro, is expected to be announced near the end of this year, and ship in early 2011.

Related: Android 3.0 Powered PlayStation Phone from Sony Ericsson

The leaked specifications suggest that Cliaro (possibly Xperia X12) will have TI OMAP4 1.5GHz processor, Android 2.2 (Froyo) and a 4-inch AMOLED 1080×720 resolution screen. The 10mm thick Xperia X12 is also expected to sport a 12 megapixel camera.

The news that Sony Ericsson is working on a successor to the Xperia X10 is not a surprise. However, the resolution being touted by the reports spreading around the interwebs is suspicious to say the least. The use of AMOLED is also surprising. Recently, even HTC switched to super-LCD screens manufactured by Sony due to acute shortage of AMOLED screens. Even though IT168 has been right before, we are putting this firmly in the rumors category until we know more.

Learn About Latest Google Innovations and Product Updates with Google New

Google-NewEvil or not, Google is a behemoth – there can’t be any doubt about that. Barely a day goes by without Google announcing a new product or unveiling a swanky new feature. Just keeping track of everything Google is announcing can be an uphill task. Subscribing to Techie Buzz obviously helps, but most of the time, we just scratch the surface. Google itself maintains a network of more than 100 blogs to announce new policies, product launches and updates.

Google quite obviously realizes that there is a problem, and in keeping with its tradition, the folks at Google have launched yet another new product to solve this problem – Google New. In the words of Ji Lee, designer and creative director at the Google Creative Lab:

A few of us had a 20 percent project idea: create a single destination called Google New where people could find the latest product and feature launches from Google. It’s designed to pull in just those posts from various blogs. We hope it helps you find something useful you’ve never tried before.

Google New showcases all the latest announcements from Google that you should be aware of. Almost all of the Google Products are covered, including Google Earth and Maps, AdSense, Webmasters, Analytics, Search, Gmail, Docs, Blogger and Orkut. Go ahead and give it take it for a spin at google.com/newproducts/.

Sony Ericsson Xperia X10 Android 2.1 Update Delayed

If you are a Sony Ericsson Xperia X10, Xperia X10 Mini or Xperia X10 Mini Pro owner, get ready for some bad news. The promised Android 2.1 update has now been pushed back from late Q3 to Q4. Rikard Skogberg, Business Manager – Product to Market at Sony Ericsson, revealed in an official blog post that the firmware update won’t start hitting the airwaves until late October.

Sony-Ericsson-Xperia-X10

Sony Ericsson is one of the few major mobile manufacturers that is still deploying the pre-historic Donut build of Android. Most of the manufactures, including HTC and Motorola, have already moved on to Froyo (Android 2.2), while Google is preparing for the release of Gingerbread (Android 3.0).

The update, which was confirmed on multiple occasions (the most recent occasion being yesterday’s tweet by Sony Ericsson UK) to be launching in Q3, will introduce a host of new features to the Xperia line of smartphones besides the standard Éclair goodies. Here’s a quick glimpse from the official SE announcement:

Xperia X10:

  • HD video recording with continuous auto-focus for high quality videos
  • Upgrade of the Android platform to Android 2.1
  • New back up and restore application, with extended content back up
  • 5 homescreens for apps, widgets, shortcuts and folders
  • Social phonebook which automatically syncs contact pictures from Facebook and shows when your friends are online

Xperia X10 mini and X10 mini pro:

  • Improved Bluetooth functionality with support for sending and receiving pictures, contacts and more
  • New backup and restore application with extended content back up
  • Automatic synchronization of your contact pictures between Facebook and your phone book
  • Improved ways of handling pictures, audio, text and numbers in your messages
  • Upgrade of the Android platform to Android platform 2.1

Sony Ericsson has promised to provide visual and video examples of the new feautures soon. In the meanwhile, you can check out the leaked preview video of Android 2.1 running on Xperia X10.

Google Continues Blocking Opera For No Apparent Reason

Google is a company that takes pride in its “Do no Evil” mantra and champions “openness”. Whether it is the Android operating system or the Chrome web browser, “open” is one word you have probably heard Google promoting. However, its actions suggest otherwise.

Recently, Google unveiled Instant Search, a potentially revolutionary feature that displays results as you type. This killer feature is supposed to work in all modern browsers. But, guess what? It doesn’t work in Opera, and it’s not quite Opera Software’s fault.

Google appears to be using browser sniffing (i.e. scripts that detect the browser being used to render the webpage) to block Opera users. Opera users accessing google.com/instant are greeted with the following message:

Google Instant is not available for your web browser.
Please upgrade to the latest version of a modern browser to use Google Instant.

Google-Instant-Opera-Blocked

Curiously enough, clicking on the “modern browser” hyperlink will take you to a webpage that (among others) recommends Opera. Of course, this isn’t exactly a new phenomenon to Opera users. Way back in 2004, Opera Software had filed a class-action lawsuit against Microsoft for providing Opera users an inferior MSN user experience. Google also has a history of purposefully and unnecessarily blocking Opera. One of the most recent examples is Google’s fancy doodles.

Fortunately, there is a way out for Opera users. The solution is to simply change Opera’s user agent to mimic Firefox. Here’s a quick guide to access Google Instant Search in Opera:

  • Open www.google.com in Opera.
  • Right click on an empty spot in the page and select “Edit Site Preferences…” from the context menu.
  • Navigate to the “Network” tab and change the “Browser Identification” option to “Identify as Firefox”. Now you will be able to enable Google Instant Search.


via @brucel

Unfairly blocking competitors is anything but fair and open. It’s time that Google put its money where its mouth is. Even more importantly, it’s time that the talented engineers and coders at Google realized that browser sniffing is a really really bad idea.

Opera Mini 5.1 for Windows Mobile Improves Usability

Earlier today, Opera Software announced the launch of Opera Mini 5.1 for Windows Mobile devices. The newest build introduces a number of usability improvements to the world’s most popular mobile web browser.

Opera-Mini-5-1-Windows-Mobile

The biggest improvement is the support for high resolution devices (higher DPI), and improved page layout and font rendering. Unlike other browsers, Opera Mini, which was initially meant only for low-end handsets, doesn’t locally render the webpages. Instead it routes the requested pages through its own servers that renders the pages, compresses them and sends them back as static content. While this approach creates problems with interactive websites using AJAX and other modern technologies, it can drastically reduce data charges and even speed up web browsing on slower networks.

Other new features include support for auto-rotation, advanced configuration support for advanced users and the ability to become the default system browser. Opera Mini 5.1 contains several key improvements for the millions of people with a Windows Mobile phone,informed Jon von Tetzchner, the Co-founder of Opera Software. The new Opera Mini is particularly vibrant and really takes advantage of high resolution screens. And, now that you can set Opera Mini as your default browser on a Windows Mobile phone, it is much easier to enjoy the speed boost and data compression. It is our way of making your Windows Mobile phone better.

To download Opera Mini 5.1 simply browse to m.opera.com on your mobile phone.