Communicator Communities

Making web theming and maintenance easy.

US paranoia about H-1Bs

June 21, 2017

The fact that Indian IT firms gamed the application system to get a large share of H-1B visas is indisputable.

The habit of using Indian H-1B workers on contract from Indian outsourcers reached a boiling point, with several news reports describing how Americans were forced to train their Indian counterparts or risk losing their severance altogether, a decision that was both tactically and ethically disastrous.

Yet, what if, in general, reports of marauding Indian firms displacing American techies have been hugely overstated? What if the belief of there being a large supply, if not an oversupply, of American tech labour is simply not backed by numbers collected from US agencies? What if fears about outsourcing eventually led to a crisis in American tech employment?

A recent policy paper by the National Foundation for American Policy (NFAP), an organisation that describes itself as non-profit and non-partisan, reveals some interesting numbers that paint a very different picture of not just H-1Bs, but also the future of American tech employment.

Read More

Election hacking risks

June 21, 2017

More than a hundred security researchers and computer science experts have warned in a letter to lawmakers that not enough is being done to ensure the integrity of state and federal elections.

The letter, published Wednesday, argues many US states are “inadequately prepared” to respond to cybersecurity risks with upcoming elections.

The hundred-plus co-signatories, including cryptographer Matthew Blaze, security expert Bruce Schneier, and PGP creator Phil Zimmermann, say the US “needs prompt action to ensure prudent elections security standards.”

The experts also outlined several recommendations that would “form the basis of robust, enforceable, sensible federal standards that can restore needed confidence in American elections,” including ensuring that any electronic election machines produce a voter-verified paper ballot to establish the “official record of voter intent.”

The letter was released to coincide with a Senate Intelligence Committee hearing on Wednesday, where experts testified to the state of election security in the wake of several recent news reports that further detail Russia’s efforts to influence last year’s presidential election.

Read More

Personal data on 198 million voters

June 19, 2017

A huge trove of voter data, including personal information and voter profiling data on what’s thought to be every registered US voter dating back more than a decade, has been found on an exposed and unsecured server, ZDNet has learned.

It’s believed to be the largest ever known exposure of voter information to date.

The various databases containing 198 million records on American voters from all political parties were found stored on an open Amazon S3 storage server owned by a Republican data analytics firm, Deep Root Analytics.

UpGuard cyber risk analyst Chris Vickery, who found the exposed server, verified the data. Through his responsible disclosure, the server was secured late last week, and prior to publication.

Read More

The QakBot/Pinkslipbot banking trojan

June 19, 2017

A form of banking Trojan malware has evolved a new attack technique and is using infected machines as control servers – even after its ability to steal data has been removed by security products.

Qakbot is a worm which can spread through the networks and is capable of stealing credentials, opening a backdoor on the infected computer and downloading additional malware – all while using a rootkit functionality to stealthily remain hidden.

The Trojan was first discovered in the late 2000s, but over a decade on its still regularly causing new problems and now it has found a new way of carrying out malicious activity, even if the malware is removed from an infected network.

Researchers at McAfee Labs discovered a new form of the banking Trojan – also known as Pinkslipbot – which uses infected machines as HTTPS-based proxies for the actual control servers.

Pinkslipbot harvests banking credentials using password stealers, keyloggers, man-in-browser attacks and more to steal information, mainly from US financial institutions. In total, the malware controls a botnet of over 500,000 machines and researchers say it steals half a million records every day.

Read More

Fixes thwart NSA hacking tools

June 13, 2017

Microsoft has confirmed its latest round of security patches has fixed three remaining vulnerabilities built by the National Security Agency, which the company previously said it would not fix.

The company confirmed to ZDNet that it had reversed course on releasing patches for the exploits, which Microsoft said earlier this year only affect older operating systems that have since been retired, notably Windows XP and Windows Server 2003.

The release comes as the software giant warned of an “elevated risk for destructive cyberattacks” following last month’s ransomware-based cyberattack.

It’s the latest twist in a cat and mouse game between the National Security Agency and Microsoft in recent months, after the intelligence lost control of its arsenal of hacking tools.

An unknown hacker group obtained the cache of tools in one of the biggest breaches of classified files since the Edward Snowden revelations. These tools allowed NSA analysts to break into a range of systems, network equipment, and firewalls, and most recently, Linux servers, and a range of Windows operating systems. The group attempted to auction off the files but failed, and it has been releasing portions of the stolen files in stages.

Read More

Venturing outside Google’s protective walled garden

May 27, 2017

Ask almost any security expert, and they’ll tell you switching on “unknown sources” on your Android phone or tablet is one of the worst things you can do for device security.

But that’s exactly what Amazon has asked its app store customers to do for years.

The heart of the problem is Amazon’s requirement to allow installations from “unknown sources” — that is, any app or game that hasn’t been carefully vetted by the Google Play app store. That’s because while almost all of Amazon’s apps are already in Google Play, the retail giant’s own third-party app store, dubbed Underground, isn’t allowed.

Opening your Android phone or tablet up to apps and games outside Google’s protective walled garden also makes your device infinitely more vulnerable to malware.

And that’s no secret. We’re not even the only ones to notice it — some noted the security issue back in 2015 when Amazon Underground first launched.

When asked to comment, an Amazon spokesperson confirmed that Underground had since been installed on “millions” of Android devices. That’s in part because some of Amazon’s own apps for Android are only available through Amazon Underground, such as Amazon Prime Video — the company’s competitor to Netflix.

Read More

Microsoft’s Surface lineup

May 26, 2017

Microsoft’s Surface business has always been a minefield for the company.

The OEMs who build PCs that run Microsoft Windows aren’t thrilled at the prospect of their partner also being a rival in the cutthroat hardware business. The competitive challenge for Microsoft, then, is to be successful but not too successful.

That might explain why some Surface decisions, especially pricing, are less than aggressive, leaving Microsoft “vulnerable to competition,” in the words of ZDNet’s Larry Dignan.

In fact, it’s pretty clear that the company has no desire to knock any of those OEM partners out of the top slots on the PC market share charts.

Instead, its goal appears to be very different. The point of Surface is to build devices that define the premium PC market, where the profits are to be found for the entire Windows ecosystem. Microsoft has packed its Surface devices with features that it expects and even encourages its OEM partners to copy. In this case, imitation isn’t just the sincerest form of flattery, it’s a desired outcome.

Read More

Android now supports Kotlin

May 18, 2017

If you’re not a mobile developer working with Android, chances are you haven’t heard of Kotlin. If you are an Android programmer, it’s the best thing since sliced bread.

While Java has long been Android’s main programming language, it’s never a good fit. Java was written when “mobile” computing devices were 7-pound laptops. In the meantime, Apple iOS developers had the pleasure of working with mobile-first languages such as Swift. Unlike Swift, which is now open source but started as an in-house Apple product, Kotlin started out as a third-party language.

Kotlin was written by the Russian Java developer company JetBrains. They found Java limiting, and saw little chance of it being improved. Simultaneously, they had a lot of legacy Java code base so they had no desire to port it to another language. First, they looked at existing Java virtual machine (JVM) languages such as Scala. Scala didn’t make the grade either.

Read More

How to turn off the SMBv1 protocol

May 17, 2017

The recent WannaCry ransomware outbreak spread because of a vulnerability in one of the Internet’s most ancient networking protocols, Server Message Block version 1 (aka SMBv1).

If you have an app or hardware device that requires SMBv1, it’s time to ditch it.

Your PCs that run Windows 10 were protected from that exploit, but that doesn’t mean you’ll be so lucky the next time.

In the interests of implementing a comprehensive, multi-layer security policy, Microsoft recommends that you disable the SMBv1 protocol completely. The world has already moved on to SMBv3, and there’s no excuse for continuing to let that old and horribly insecure protocol continue running on your network.

To permanently remove SMBv1 support from Windows 10, use either of these two approaches.

Read More

Google bets on AI

May 17, 2017

Whether it’s search, Google Assistant, Android, Gmail, Google Photos, or Google Cloud Platform and its data centers, the path to success for Google flows through two words: Artificial Intelligence (AI).

If there’s one takeaway from Google I/O it’s that CEO Sundar Pichai is pivoting the company to an AI-first orientation. Last year, Pichai outlined the AI theme, but this year Google’s unifying theme is that artificial intelligence and machine learning has hit an inflection point.

“Computing is evolving again. We’re moving from mobile first to AI-first. In an AI-first world we are thinking through all our products,” explained Pichai. “We are building AI-first data centers. We are focused on applying AI to solving problems.”

And, yes, AI is going to be learning how to build more AI applications.

Read More