Sunday, 18 August 2013

Google, Microsoft outages: Two different outlooks?

  It might be something to do with a complete inability to trust my fellow human, but I don't stick to any one provider of Web services.
  I use three different browsers and three different e-mail services.
  I have no adoration toward any of them, but if there's one thing that's hard not to admit, it's that most of Google's tend to work a little better than anyone else's.
  Which made me wonder how last week might have proved that point.
  Microsoft's Outlook e-mail has sometimes -- at least for me -- been more erratic than a Fernet-ridden fly.
  Far too often, if I try to reply to a message, the system tells me it can't complete that action just at the moment.
  Sometimes, I try to send a message and the software keeps spinning without conclusion.
  I have to open Outlook again in a separate tab to discover that, yes, despite what the first tab was telling me, the message had been sent, but Outlook hadn't quite updated its outlook on that.
  When Outlook (and SkyDrive and Contacts) went down last week, it was more than awkward.
  It started with no mobile syncing and ended with no anything at all.
  After hours of this, I contacted Microsoft's Service arm via Twitter. The apologies were expansive. The explanations weren't.
  All I was told was: "Thanks for letting us know, Chris. Please keep checking for service status updates."
  This I did. However, even when the service status update finally said that Outlook was working normally, mine actually wasn't.
  Microsoft Support suggested I keep checking the service status updates. Franz Kafka, do you read me?
  "We understand your concern. We're working to resolve this as soon as possible. Check out for updates," read the message.
  Ultimately, the company explained that it was having caching problems.
  Three days seemed a very long time to solve them.
  For some time now, Microsoft has been telling me (and you) that Google is a quite heinous little organization.
  From the Scroogled campaign to an anti-Chrome campaign, I'm supposed to think that if Google bought me a latte, it would be polluted.
  Yet one thing Google can largely be trusted with it to make things that work more often than they don't. When it suffered an outage Friday, it also suggested people look at the service status board.
  The outage lasted between 2 and 5 minutes, and no meaningful explanation beyond "nothing to see here" was offered.
  That might reflect a certain confidence (or even arrogance) on Google's part, just as Microsoft's outage might reflect a certain confusion at its end.
  It's tempting to whisper that these two outages show two companies headed in opposite directions -- though, who knows, it's summer time, so perhaps Microsoft's best engineers are sunning themselves somewhere in the Bahamas, while interns man the fort. (Googlies don't do vacations, do they?)
  But there can surely be little doubt that Google buys loyalty (if not love) because its products just work, while Microsoft doesn't quite have the same reputation.
  Sunday morning, I looked again at the status of my Microsoft accounts.
  Everything seemed to be normal. Well, except: "A problem was recently resolved, and Calendar is now running normally."
  I'll keep using my three e-mail services. I might, though, spread the load a little differently.

Considering that Microsoft will never patch Windows XP again

  Microsoft has reminded, cajoled, and pleaded with customers to move off of Windows XP before support for its old OS expires next year. Now Microsoft warns customers that they might be topic to “zero-day” threats for the rest of their lives if they do not migrate.
  “The incredibly initially month that Microsoft releases safety updates for supported versions of Windows, attackers will reverse engineer those updates, obtain the vulnerabilities, and test Windows XP to find out if it shares those vulnerabilities,” he wrote. “If it does, attackers will attempt to develop exploit code that could reap the benefits of these windows 7 home basic product key vulnerabilities on Windows XP. Due to the fact a safety update will never ever turn out to be available for Windows XP to address these vulnerabilities, Windows XP will primarily possess a ‘zero-day’ vulnerability forever.”
  Zero-day vulnerabilities refer to the way in which hackers can attack an operating method or other code just before a patch is released, fixing the vulnerability. Considering that Microsoft will never patch Windows XP again following April 2014, sooner or later some vulneability that affects XP might be located.
  Among July 2012 and July 2013, Windows XP was an affected item in 45 Microsoft security bulletins. Thirty of these also affected Windows 7 and Windows 8, Rains wrote.
  Rains acknowledges that some protections in XP will enable mitigate attacks, and third-party antimalware application may supply some protection.
  “The challenge here is that you’ll in no way know, with any confidence, in the event the trusted computing base of the program can basically be trusted because attackers are going to be armed with public know-how of zero day exploits in Windows XP that could enable them to compromise the method and possibly run the code of their decision,” Rains wrote.
  That is the exact same argument that some have recently utilized, claiming that hackers will “bank” their zero-day XP attacks until soon after subsequent April, then unleash them around the unprotected herds of XP machines. As Rains notes, the sophistication of malware has only enhanced, which means that your XP machine is a lot more vulnerable, not significantly less. PCWorld’s Answer Line columnist, Lincoln Spector, agrees.
  The issue that some XP users have is that they’re so in appreciate with all the way that Windows XP does things that they’re reluctant to migrate, in particular to Windows eight. Well, Windows 7 machines do exist, that offer functionality similar to XP: here’s the way to locate them.
  The bottom line is this: although Microsoft stands to gain from arguing that buyers need to upgrade, the truth is: they do. So if you're nonetheless on Windows XP, begin thinking about a migration strategy.

Friday, 2 August 2013

Car hacking code released at Defcon

  You may hate parallel parking, but you're going to hate it even more when somebody commandeers control of your car with you in it.
  That was the scary scenario painted over the first two hours at the 21st annual Defcon hacker conference.
  "Car hacking is definitely coming," said Zoz, of Cannytophic Design, who presented on how to hack autonomous cars.
  Zoz's talk on vulnerabilities that autonomous autos will face followed a fast-paced explanation by well-known computer security experts Charlie Miller and Christopher Valasek of how they spent the past 10 months hacking the self-driving features of two popular cars. Miller, Valasek, and Zoz all spoke to standing-room only crowds of more than 1,000 people.
  While car hacking made a big splash at Defcon in 2010 and 2011, those hacks were not publicly documented. "We want it to take two months for everybody to do this," Miller said to loud applause from the packed house.
  Before going into their hacking explanation, Miller and Valasek admitted that they were not hardware hackers, and had little experience on hardware basics like splicing wires. But they only had one requirement for their test car: that it be able to drive itself.
  From there, hilarity ensued. Instead of following Toyota's guide to removing the dash of their test 2010 Prius, they used a crowbar. Subsequent videos and photos showed them driving around with a laptop wired to the open dash of a car, much to the amusement of the crowd.
  The pair also tested a 2010 Ford Escape.
  Prerecorded video demos of the hacks showed Miller and Valasek disabling the car's brakes, jerking the steering wheel back and forth while the car was in motion, accelerating, taking full control of the steering wheel, yanking the seat belt tight, turning off the engine, turning interior and exterior lights on and off, honking the horn, and making the console show a full tank of gas when it wasn't.
  Surprisingly, neither wore a helmet.
  At one point, the car wouldn't start, and they had to get it taken to the Toyota dealer for repairs. It turns out, Valasek said, that they had blown up the inverter. "They said they couldn't fix the car because they'd never seen this problem before."
  The two detailed much of the nitty-gritty of their hacking work, covering how they gained physical access to the car's computer and how they figured out how to program the car's computer.
  The documentation that they will be releasing in the next few weeks sounds comprehensive, totaling 101 pages of code and data.
  Zoz spent his talk in the next hour on the future of automation. Self-driving cars, he told, are essentially robots and will be particularly susceptible to the same kinds of hacks as less complicated robots.
  Many of these vulnerabilities will be related to directly hacking or indirectly altering the sensors that allow a car to navigate the road without causing accidents. Automated vehicles of all sorts, from person-carrying cars to small drones, rely on a multitude of sensors such as GPS, LIDAR, cameras, millimeter wave radar, digital compasses, wheel encoders, inertial measurement units, and on-board maps.
  There are two kinds of sensor attacks, Zoz said. Denial attacks prevent the sensor from recovering data, while spoofing causes the sensor to retrieve bad data.
  Each of the sensors on a car or drone can be successfully attacked in several low-cost, low-effort ways. A GPS sensor, he said, can be compromised by purchasing or building a cheap GPS jammer.
  Maps are particularly at risk. "You can't have your robot occasionally blowing through a red light," he said to much snickering from the audience.
  Zoz, as well as Miller and Valasek, kept returning to a particular point during their separate hour-long presentations: the goal of hacking cars isn't to cause widespread havoc, but to make them safer.
  "Now that we've released the data, you can think about how to stop these attacks," Miller said.
  And echoing Miller, Zoz also highlighted safety concerns. "When I talk about exploits and countermeasures, I want you to think about counter-countermeasures," he said.
  Ford and Toyota have both said that their focus is on preventing wireless hacks, but wireless technology is hardly a bastion of security. We may be approaching an era when the car itself could be to blame for crashes.

XP stay by far the most widely-used operating systems

  Windows 8 keeps clawing its way up the marketplace share charts, but not at the expense of Windows 7 or Windows XP.
  According to Netmarketshare, Windows 8’s marketplace share now stands at 5.4 %, up 0.three % from a month ago when it ultimately surpassed Windows Vista. As soon as once again, Vista’s industry share declined final month, this time by about 0.38 %, to a total of 4.24 percent.
  Meanwhile, Windows 7 and Windows XP are holding powerful. In truth, Windows 7’s market place share elevated final month by 0.12 %, and Windows XP saw a 0.02 % bump in industry share regardless of the looming end of XP help by Microsoft. Each Windows 7 and XP stay by far the most widely-used operating systems by far, with 44.49 % and 37.19 percent from the market place, respectively, in accordance with Netmarketshare.
  In other words, any marketplace share that Windows eight gained final month appears to be in the expense of Windows Vista.
  Though it is not surprising that customers are eager to upgrade in the widely-panned operating system, having people today to switch from XP or Windows 7 could be tougher for Microsoft, in particular amongst users who want to stick with a regular desktop interface.
  Windows eight.1 will make some concessions for all those customers, together with the return on the Start out button, a boot-to-desktop option, quicker access to advanced desktop functions, along with a solution to stop modern-style menus from popping up through desktop use.
  But ultimately, Microsoft and Computer makers ought to convince the masses that they will need to upgrade their hardware to touch-enabled laptops, hybrids, or desktops. More affordable touchscreen devices could assistance on that front, but it’ll likely be a while just before the marketplace share needle moves significantly for Windows XP and Windows 7.