Hackers attacked the U.S. weather system in October, causing a disruption in satellite feeds and several pivotal websites.

The National Oceanic and Atmospheric Administration, NOAA, said that four of its websites were hacked in recent weeks. To block the attackers, government officials were forced to shut down some of its services.

This explains why satellite data was mysteriously cut off in October, as well as why the National Ice Center website and others were down for more than a week. During that time, federal officials merely stated a need for "unscheduled maintenance."
Still, NOAA spokesman Scott Smullen insisted that the aftermath of the attack "did not prevent us from delivering forecasts to the public."
Little more is publicly known about the attack, which was first revealed by The Washington Post. It's unclear what damage, if any, was caused by the hack.
But hackers managed to penetrate what's considered one of the most vital aspects of the U.S. government. The nation's military, businesses and local governments all rely on nonstop reports from the U.S. weather service.
The impact of the hack was real: Scientists at Atmospheric and Environmental Research in Lexington, Massachusetts were unable to send a preliminary report about weather patterns to traders and investors earlier this year.
"We were shut out entirely. That's our one source of data," said Rutgers climatologist David Robinson, whose global snow lab also relies on the satellite data.
The cyberattack on the U.S. weather system is only the latest one on the United States. The White House was hacked last month. Shortly before that, hackers breached USIS, a federal contractor that knows who has top security clearances for the U.S. government -- because it provides background checks.
Typically, cybersecurity experts blame Russia for hacks on the nation's infrastructure -- or sometimes China.

Read More

 

Microsoft has patched a critical bug in its software that had existed for 19 years.

IBM researchers discovered the flaw, which affects Windows and Office products, in May this year - but worked with Microsoft to fix the problem before going public.
The bug had been present in every version of Windows since 95, IBM said.
Attackers could exploit the bug to remotely control a PC, and so users are being urged to download updates.
Microsoft has addressed the problem in its monthly security update, along with more than a dozen patches to fix other security issues, with a further two to be rolled out soon.
In a blog post explaining the vulnerability in depth, IBM researcher Robert Freeman wrote: "The bug can be used by an attacker for drive-by attacks to reliably run code remotely and take over the user's machine."
In computer security, a drive-by attack typically means making users download malicious software.
The bug had been "sitting in plain sight", IBM said.
The vulnerability - dubbed WinShock by some - has been graded as 9.3 out of a possible 10 on the Common Vulnerability Scoring System (CVSS), a measure of severity in computer security.
Six figures One of the other bugs affects Microsoft's Windows Server platforms - putting the security of websites that handle encrypted data at risk.
Specifically, it relates to Microsoft Secure Channel, known as Schannel, Microsoft's software for implementing secure transfer of data.
Schannel now joins the other major secure standards - Apple SecureTransport , GNUTLS, OpenSSL and NSS - in having a major flaw discovered this year.

 

The bug has been likened to Heartbleed, a major security issue also affecting secure data transfer

 

Security experts had compared this latest flaw to other significant problems that had come to light this year such as the Heartbleed bug.
However, they added that while its impact could be just as significant, it might be more difficult for attackers to exploit.
As with Heartbleed, the exploit relates to vulnerabilities in the technology used to transfer data securely - known as SSL (Secure Sockets Layer).
Potentially 'disastrous' There is no evidence the bug identified by IBM has been exploited "in the wild", but now that a patch has been issued and the problem made public, experts have predicted attacks on out-of-date machines would be "likely".
The bug would have probably been worth more than six figures had it been sold to criminal hackers, the researchers added.
Gavin Millard, from Tenable Network Security, said the fact there had been no known attacks yet should not dampen concerns.
"Whilst no proof-of-concept code has surfaced yet, due to Microsoft thankfully being tight-lipped on the exact details of the vulnerability, it won't be long until one does, which could be disastrous for any admin that hasn't updated."

Read More

Facebook gets down to Privacy Basics for simplicity's sake

Facebook is trying to share more about itself.
The world's largest social network, which has been knocked for failing to be transparent on how it gathers data on its users, said Thursday it is updating its data policy to make it shorter and clearer to understand. It's also rolling out "Privacy Basics," a Web page with interactive tips and guides on how to control your information on the site.
"Privacy Basics is the latest step we've taken to help you make sure you're sharing with exactly who you want," the company said Thursday.
Facebook is taking comments and suggestions about the changes until Nov. 20. The company plans to provide final updates after that.
Now with 1.35 billion active users, Facebook has routinely faced criticism for not properly disclosing how it tracks its users on its site and around the Web so it can package that information for advertisers. Users have complained about Facebook's confusing privacy policies and continuously changing privacy controls. The company is also subject to the terms of a 2011 settlement with the Federal Trade Commission under which it must receive explicit approval before sharing more users' privacy information than it already does.
The changes introduced Thursday don't alter how Facebook collects its data, nor do they affect user settings, but are a way for the company to tell people a little more clearly what it does with user information. Some of the changes are only available in certain regions.
The data policy was color-coded and put on one page, instead of broken up into several pages, and can be searched by basic questions, such as "How is this information shared?" or "How can I manage or delete information about me?" Additionally, Privacy Basics provides users with general information about Facebook features like untagging, unfriending and blocking.
The company also said people can make changes to which ads they want to see on one device and those changes will now apply on every device used to access a Facebook account.

Read More

Apple malware affects mostly Chinese users

Malware has bypassed Apple's safety controls by taking advantage of a process used by employers to add apps to workers' iPhones and iPads.

US-based Palo Alto Networks said WireLurker appeared to have originated in China and was mostly infecting devices there.
The malware first targets Mac computers via a third-party store before copying itself to iOS devices.
Researchers warn it steals information and can install other damaging apps.
"WireLurker is unlike anything we've ever seen in terms of Apple iOS and OS X malware," said Ryan Olson, Palo Alto Network's intelligence director.
"The techniques in use suggest that bad actors are getting more sophisticated when it comes to exploiting some of the world's best-known desktop and mobile platforms."
WireLurker has the ability to transfer from Apple's Mac computer to mobile devices through a USB cable.

 

 The malware initially gets onto an iOS device via a USB link to an infected Mac computer 

 

The security firm said the malware was capable of stealing "a variety of information" from mobile devices it infects and regularly requested updates from the attackers' control server.
"This malware is under active development and its creator's ultimate goal is not yet clear," the company added.
Apple has issued a brief statement.
"We are aware of malicious software available from a download site aimed at users in China, and we've blocked the identified apps to prevent them from launching," it said.
"As always, we recommend that users download and install software from trusted sources."
Work apps According to Palo Alto Networks, WireLurker was first noticed in June when a developer at the Chinese firm Tencent realised there were suspicious files and processes happening on his Mac and iPhone.
Further inquiries revealed a total of 467 Mac programs listed on the Maiyadi App Store had been compromised to include the malware, which in turn had been downloaded 356,104 times as of 16 Oct.
Infected software included popular games including Angry Birds, The Sims 3, Pro Evolution Soccer 2014 and Battlefield: Bad Company 2.
Once the malware was on the Mac, it communicated with a command-and-control server to check if it needed to update its code, and then waited until an iPhone, iPad or iPod was connected.
When an iOS device was connected the malware would check if it was jailbroken - a process used by some to remove some of Apple's restrictions.
If it was jailbroken, WireLurker backed up the device's apps to the Mac, where it repackaged them with malware, and then installed the infected versions back on to the iOS machine.
If it was not jailbroken - which is the case for most iOS devices - WireLurker took advantage of a technique created by Apple to allow businesses to install special software on their staff's handsets and tablets.

 

Wirelurker hides its code inside software that is initially downloaded to a Mac computer

 

This involved placing infected apps on the device that had been signed with a bogus "enterprise certificate" - code added to a product that is supposed to prove it comes from a trustworthy source.
To ensure the devices accepted this certificate, a permissions request was made to pop up on the targeted iOS device on the user's first attempt to run an infected app.
It simply asked for permission to run the app, but if the user clicked "continue" it installed code called a "provisioning profile", which told the iOS device it could trust any other app that had the same enterprise certificate.
Palo Alto Networks remarked that while this technique was not a new concept, it was the only known example of it being used to target non-jailbroken iOS devices in the wild.
Once active, the malware is used to upload information about the machine to the hackers, including phone numbers from its Contacts app, and the user's Apple ID.
Different versions of WireLurker also automatically installed new apps on the devices - including a video game and a comic book reader.

 

The hackers fooled users into approving a bogus enterprise certificate

 

While these were innocuous, experts warn they could represent a test run for other more damaging software.
"People have got very used to iOS being secure and there is a danger they may be complacent about the risk this presents," said Prof Alan Woodward, from the University of Surrey.
"Now Apple knows what it's looking for, it should be able to shut it down relatively easily. But it shows that people are trying to attack Apple's operating system and the firm can't take security for granted."
Under attack News of the attack comes after tech giant Apple's iCloud storage service in China was attacked by hackers trying to steal user information just last month.
Chinese web monitoring group Greatfire.org said that hackers intercepted data and potentially gained access to passwords, messages, photos and contacts. They believed the Beijing government was behind the move.
But, the Chinese government denied the claims and was backed by state-owned internet provider China Telecom, which said the accusation was "untrue and unfounded".
China is home to the world's biggest smartphone market and Apple saw its iPhone sales there jump 50% in the April to June quarter from a year earlier.
To minimise the risk of attack, Palo Alto Networks has recommended that users:

• Do not download Mac apps from third-party stores
• Do not jailbreak iOS devices
• Do not connect their iOS devices to untrusted computers and accessories, either to copy information or charge the machines
• Do not accept requests for a new "enterprise provisioning profile" unless it comes from an authorised party, for example the employer's IT department

Read More

Tech giant Intel backs schoolboy inventor

 

Mr Banerjee's original Braille printer was made out of Lego robotics parts

 

A 13-year-old boy from California has secured funding from Intel to bring a low-cost Braille printer to market.

Intel has not disclosed the exact sum it is giving to Shubham Banerjee, but the Reuters news agency reported it was "a few hundred thousand dollars".
The teenager rose to prominence after showing off a prototype version made with Lego kit, at the White House, when he was aged just 12.
Only a minority of blind people use Braille.
The Royal National Institute of Blind People (RNIB) estimates that about 4% of visually impaired children and young people in England currently use it.
Even so, the charity greeted the news.
"We welcome investment in technology that aims to improve everyday life for blind and partially sighted people, and especially applaud this brilliant initiative from such a young entrepreneur," said Clive Gardiner, RNIB's head of reading and digital services.

 

 Mr Banerjee showed off an early version of Braigo v2.0 in September

 

"Electronic Braille has great potential, but has been hindered to date by high device costs for users.
"New innovations for low-cost Braille printers such as this one... can transform reading choices for people with sight loss who read Braille.
"We look forward to hearing more about its progress."
Braille 2.0 Until now, Mr Banerjee's company - Braigo Labs - had relied on $35,000 (£21,920) worth of cash from his parents to turn what was originally a science fair project into a proper Silicon Valley start-up.
The original Braigo v1.0 printer used Lego's Mindstorms EV3 robotics kit as well as parts from a local home renovations store.
Users wrote text via an attached keypad, which the machine then converted into Braille, bashing out the raised bumps on a scroll of paper.
The invention won Mr Banerjee several awards and a place at the White House's inaugural Maker Faire in June, attended by President Barack Obama.
He has since begun work on a follow-up version, which is powered by Intel's budget-priced Edison chip and uses 3D-printed parts.

 

Intel announced the investment in Braigo Labs at an event in California

 

"It is less power-hungry and has the future possibilities of using batteries... in remote places of the world," Mr Banerjee said when he showed off the work-in-progress at an event hosted by Intel in September.
"The capabilities of Edison enabled me to do a whole set of use cases I hadn't previously thought about.
"For example, when we wake up in the morning we look at our smartphone or tablet to see the headline news.
"With Edison, we've set it up so the CNN headlines are printed off automatically every morning."
The teenager hopes in time to sell a commercial model that will cost around $350 - about a fifth of the price of the lowest-cost alternatives.
But while he is one of the youngest tech entrepreneurs to find success, he is not dedicating his life to the project at this stage.
"It's an after-school thing," he told Reuters.
Such investments can make good business sense for large tech firms.
Yahoo gained both a project chief and a lot of positive publicity when it employed British app developer Nick D'Aloisio in 2013, when he was 17-years-old.

Read More

Inflatable baby incubator wins James Dyson Award

 

The incubator's inventor says it can match the performance of systems 100 times the price

 

A prototype inflatable incubator for prematurely-born babies has been picked as the international winner of this year's James Dyson Award.

Mom costs a fraction of the price to make than commonly-used alternatives.
The project's inventor - Loughborough University graduate James Roberts - said he hoped the final product would be used in the developing world.
One expert said it should be a good stand-in so long as the babies using it were not too premature.
Mr Roberts said that he had begun work on Mom as part of a final year project inspired by a TV documentary.
"I was watching a Panorama programme on BBC about Syrian refugees, and they had a segment about how there are loads of premature kids dying because of the stresses of war and specifically the lack of incubators out there and the infrastructure to support them," he recalled.
"I thought there has to be a way to solve that."
He added that the £30,000 award meant that he could continue work on the machine, which he now hopes to bring to market by 2017.
Jaundice lamp The device is designed to be delivered as flat-packed parts that are assembled at their destination.

 

The electronic components of the prototype Mom are controlled by an Arduino computer

 

At its heart is a sheet of plastic containing inflatable transparent panels that are blown up manually and then heated by a ceramic element. This wraps around the interior of the unit to keep a newborn warm.
"When it's opened it won't collapse in on the child and will maintain its shape," Mr Roberts stressed.
An Arduino computer is used to keep the temperature stable, control humidification, and manage a phototherapy lamp that can be used to treat jaundice, as well as sound an alarm.
The electronic components are designed to use as little power as possible and can be run off a car battery for more than 24 hours when mains electricity is not available.
The modular design of the kit allows damaged parts to be replaced without compromising the whole unit. And after the child is taken out of the incubator, it can be collapsed and the plastic sheet sterilised so that Mom can be easily transported for re-use elsewhere.
"Normally with incubators it costs loads to get them anywhere because you need huge boxes to put them in, and that can cost a lot to put on a flight," Mr Roberts said.
"This one can go in a care packages already used for refugee camps."

 

The incubator can be powered by a car battery for more than a day at a time

 

He estimated that the current prototype would cost about £250 to manufacture, and suggested it would offer a similar level of performance to modern systems that cost £30,000.
'Fantastically elegant' Mom's design was praised by one of the UK's leading neonatal experts.
"In resource-poor settings, the cold is one of the biggest killers of babies that are born slightly premature," said Dr Martin Ward Platt, a consultant paediatrician at Newcastle's Royal Victoria Infirmary.
"Just being able to maintain a good and stable environment is of enormous importance.
"We mustn't lose sight of the fact you can achieve a huge amount of that simply by keeping a baby in contact with a mother's body. But for a variety of reasons, that isn't always going to be possible, particularly if the mother becomes ill herself.

 

Mr Roberts received £30,000 as a result of winning the James Dyson Award

 

"And in a refugee camp, where it may be necessary to separate a baby from her mother, this provides a fantastically elegant and cheap solution."
Dr Platt added that normal hospital incubators cost so much because they were designed to cope with babies born with as little as a seventh of the normal birth weight, who would need intensive care for weeks or even months - which Mom is not designed for.
But, the doctor said, doing away with some of the "bells and whistles" in order to "do the basics very well" made sense in situations where expensive kit was not available.
However, he was sceptical of Mr Roberts' suggestion that a version of Mom might end up being stored in ambulances and used in remote parts of the UK to transport prematurely born babies to hospital.
Even so, the inventor suggested that the modular nature of the incubator could make it easy to adapt its parts for different needs.
"I've been approached by a few companies who want to work with me on it, but I have to decide what I want to do," Mr Roberts added.
The runners-up in the competition were:

• Qolo - an electric chair that can be controlled by the user tilting and twisting their upper body
• Suncayr - a pen with colour changing ink that can be applied to the skin to let the user know when they should reapply sun cream
• Bruise - an injury detection suit for disabled athletes

Read More

Warning on effects of 3D on vision

Children up to the age of 13 should have only moderate exposure to 3D, the report finds

A French health watchdog has recommended that children under the age of six should not be allowed access to 3D content.

The Agency for Food, Environmental and Occupational Health and Safety (Anses) added that access for those up to the age of 13 should be "moderate".
It follows research into the possible impact of 3D imaging on still-developing eyes.
Few countries currently have guidelines about 3D usage.
According to Anses, the process of assimilating a three-dimensional effect requires the eyes to look at images in two different places at the same time before the brain translates it as one image.
"In children, and particularly before the age of six, the health effects of this vergence-accommodation conflict could be much more severe given the active development of the visual system at this time," it said in a statement.
Nintendo warning It is not the first time questions have been raised about the safety of 3D, which is used in many feature films as well as on some video games, TVs and computer screens.
Italy has sought to restrict the use of 3D glasses by young children, following a similar warning from its national health agency last year.
When Nintendo released its 3D video console in 2010 it warned that playing games on it could damage the eyesight of children under six.
More and more firms are creating 3D-enabled products and Apple is rumoured to be developing a 3D display that can be viewed without the need to wear special glasses.
The American Optometric Association has said that it has had no reports of eye damage as a a result of viewing 3D content.

Read More