A massive, highly sophisticated piece of malware has been newly found infecting systems in Iran and elsewhere and is believed to be part of a well-coordinated, ongoing, state-run cyberespionage operation. […] Dubbed “Flame” by Russia-based anti-virus firm Kaspersky Lab […]

The malware, which is 20 megabytes when all of its modules are installed, contains multiple libraries, SQLite3 databases, various levels of encryption — some strong, some weak — and 20 plug-ins that can be swapped in and out to provide various functionality for the attackers. It even contains some code that is written in the LUA programming language — an uncommon choice for malware.

Kaspersky Lab is calling it “one of the most complex threats ever discovered.” […]

Gostev says that because of its size and complexity, complete analysis of the code may take years. “It took us half-a-year to analyze Stuxnet,” he said. “This is 20-times more complicated. It will take us 10 years to fully understand everything.” […]

Among Flame’s many modules is one that turns on the internal microphone of an infected machine to secretly record conversations that occur either over Skype or in the computer’s near vicinity; a module that turns Bluetooth-enabled computers into a Bluetooth beacon, which scans for other Bluetooth-enabled devices in the vicinity to siphon names and phone numbers from their contacts folder; and a module that grabs and stores frequent screenshots of activity on the machine, such as instant-messaging and email communications, and sends them via a covert SSL channel to the attackers’ command-and-control servers.

The malware also has a sniffer component that can scan all of the traffic on an infected machine’s local network and collect usernames and password hashes that are transmitted across the network. The attackers appear to use this component to hijack administrative accounts and gain high-level privileges to other machines and parts of the network. […]

Because Flame is so big, it gets loaded to a system in pieces. The machine first gets hit with a 6-megabyte component, which contains about half-a-dozen other compressed modules inside. The main component extracts, decompresses and decrypts these modules and writes them to various locations on disk. The number of modules in an infection depends on what the attackers want to do on a particular machine.

Once the modules are unpacked and loaded, the malware connects to one of about 80 command-and-control domains to deliver information about the infected machine to the attackers and await further instruction from them. The malware contains a hardcoded list of about five domains, but also has an updatable list, to which the attackers can add new domains if these others have been taken down or abandoned.

While the malware awaits further instruction, the various modules in it might take screenshots and sniff the network. The screenshot module grabs desktop images every 15 seconds when a high-value communication application is being used, such as instant messaging or Outlook, and once every 60 seconds when other applications are being used.

{ Wired | Continue reading }

They will be custom bugs, designer bugs — bugs that only Venter can create. He will mix them up in his private laboratory from bits and pieces of DNA, and then he will release them into the air and the water, into smokestacks and oil spills, hospitals and factories and your house.

Each of the bugs will have a mission. Some will be designed to devour things, like pollution. Others will generate food and fuel. There will be bugs to fight global warming, bugs to clean up toxic waste, bugs to manufacture medicine and diagnose disease, and they will all be driven to complete these tasks by the very fibers of their synthetic DNA.

Right now, Venter is thinking of a bug. He is thinking of a bug that could swim in a pond and soak up sunlight and urinate automotive fuel. He is thinking of a bug that could live in a factory and gobble exhaust and fart fresh air. […]

The challenge of building a synthetic bacterium from raw DNA is as byzantine as it probably sounds. It means taking four bottles of chemicals — the adenine, thymine, cytosine and guanine that make up DNA — and linking them into a daisy chain at least half a million units long, then inserting that molecule into a host cell and hoping it will spring to life as an organism that not only grows and reproduces but also manufactures exactly what its designer intended. […]

The future, he says, may be sooner than we think. Much of the groundwork is already done. In 2003, Venter’s lab used a new method to piece together a strip of DNA that was identical to a natural virus, then watched it spring to action and attack a cell. In 2008, they built a longer genome, replicating the DNA of a whole bacterium, and in 2010 they announced that they brought a bacterium with synthetic DNA to life. That organism was still mostly a copy of one in nature, but as a flourish, Venter and his team wrote their names into its DNA, along with quotes from James Joyce and J. Robert Oppenheimer and even secret messages. As the bacteria reproduced, the quotes and messages and names remained in the colony’s DNA. […]

“Agriculture as we know it needs to disappear,” Venter said. “We can design better and healthier proteins than we get from nature.” By this, he didn’t mean growing apples in a Petri dish. He meant producing bulk commodities like corn, soy and wheat, that we use in processed products like tofu and cereal. “If you can produce the key ingredients with 10 or 100 times the efficiency,” he said, “that’s a better use of land and resources.”

{ NY Times | Continue reading }

images { 1 | 2 }

You may recall last summer that Apple, Microsoft, EMC, RIM, Ericsson and Sony all teamed up to buy Nortel’s patents for $4.5 billion. They beat out a team of Google and Intel who bid a bit less. While there was some antitrust scrutiny over the deal, it was dropped and the purchase went through. Apparently, the new owners picked off a bunch of patents to transfer to themselves… and then all (minus EMC, who, one hopes, was horrified by the plans) decided to support a massive new patent troll armed with the remaining 4,000 patents. The company is called Rockstar Consortium, and it’s run by the folks who used to run Nortel’s patent licensing program anyway — but now employs people whose job it is to just find other companies to threaten.

{ TechDirt | Continue reading }

Microsoft tops the list of companies making the most requests to Google to takedown copyrighted material.

Google’s Transparency Report previously tracked the number of requests from governments and released data on copyright requests to the Chilling Effects website. Now, it has decided to start publishing more details after a jump in the number of copyright-related notices, largely under the US DMCA, which requires Google to stop linking to sites if it receives a complaint.

“These days it’s not unusual for us to receive more than 250,000 requests each week, which is more than what copyright owners asked us to remove in all of 2009.”

{ PC Pro | Continue reading }

painting { Franz Kline, Suspended, 1953 }

I was like all of you. I believed in the promise of the Internet to liberate, empower and even enrich artists. I still do but I’m less sure of it than I once was. I come here because I want to start a dialogue. I feel that what we artists were promised has not really panned out. Yes in many ways we have more freedom. Artistically this is certainly true. But the music business never transformed into the vibrant marketplace where small stakeholders could compete with multinational conglomerates on an even playing field.

In the last few years it’s become apparent the music business, which was once dominated by six large and powerful music conglomerates, MTV, Clear Channel and a handful of other companies, is now dominated by a smaller set of larger even more powerful tech conglomerates. And their hold on the business seems to be getting stronger. […]

Everywhere I look artists seem to be working more for less money.

{ David Lowery/The Trichordist | Continue reading }

photo { Dash Snow }

Facebook is just another ad-supported site. Without an earth-changing idea, it will collapse and take down the Web. […]

The daily and stubborn reality for everybody building businesses on the strength of Web advertising is that the value of digital ads decreases every quarter, a consequence of their simultaneous ineffectiveness and efficiency.

{ Technology Review | Continue reading }

At least four law suits have been filed as of Wednesday, including one suit by a Maryland investor alleging that Nasdaq OMX Group “badly mishandled” the IPO such that trades were delayed and orders couldn’t be canceled. […]

For example, according to his complaint, Goldberg himself tried to make a series of limit buy orders via an online account. When the trades failed to execute, he tried to cancel them. His cancellation orders were reflected as pending for much of the day, and one trade, to purchase Facebook shares at $41.23, was executed three hours after the order was made, when the stock’s price had dropped to around $38. […]

Meanwhile, three other suits have been lodged against Facebook and numerous financial service firms who underwrote or otherwise took part in the IPO.

For example, Lieff Cabraser Heimann & Bernstein, announced that it had filed a class action lawsuit on behalf of all persons and entities who purchased the securities of Facebook, Inc. in connection with its $16 billion initial public offering of common stock on May 18, 2012 (the “IPO”).

The action was brought against Facebook, some of its officers and directors, and the underwriters of the IPO for violations of the federal securities laws.

Meanwhile, Los Angeles law-firm Glancy Binkow & Goldberg LLP, filed its own class action lawsuit on behalf of investors. The complaint, captioned Lazar v. Facebook, Inc., et al., was filed today in the Superior Court for the State of California, County of San Mateo, on behalf of a class consisting of all persons or entities who purchased the securities of Facebook.. It alleges, among others, that the offering materials provided to potential investors were negligently prepared and failed to disclose material information about Facebook’s business, operations and prospects, in violation of federal securities laws.

{ Securities Technology Monitor | Continue reading }

Fri May 18, 2012 11:44am EDT

“A 15 to 20 percent pop is in the realm of possibility,” said Tim Loughran, a finance professor at the University of Notre Dame, before the start of trade. […]

Some expect shares could rise 30 percent or more on Friday, despite ongoing concerns about Facebook’s long-term money-making potential. An average of Morningstar analyst estimates put the closing price for Facebook shares on Friday at $50.

{ Reuters | Continue reading }

related { Morgan Stanley told brokers on Wednesday it is reviewing every Facebook Inc trade and will make price adjustments for retail customers who paid too much }

photo { Joel Barhamand }

Just a couple of weeks ago, we discussed a Chinese experiment in which physicists teleported photons over a distance of almost 100 kilometres. That’s almost an order of magnitude more than previous records.

Today, European physicists say they’ve broken the record again, this time by teleporting photons between the two Canary Islands of La Palma and Tenerife off the Atlantic coast of north Africa, a distance of almost 150 kilometres.

{ The Physics arXiv Blog | Continue reading }

By 2025, when most of today’s psychology undergraduates will be in their mid-30s, more than 5 billion people on our planet will be using ultra-broadband, sensor-rich smartphones far beyond the abilities of today’s iPhones, Androids, and Blackberries.

Although smartphones were not designed for psychological research, they can collect vast amounts of ecologically valid data, easily and quickly, from large global samples. If participants download the right “psych apps,” smartphones can record where they are, what they are doing, and what they can see and hear and can run interactive surveys, tests, and experiments through touch screens and wireless connections to nearby screens, headsets, biosensors, and other peripherals.

This article reviews previous behavioral research using mobile electronic devices, outlines what smartphones can do now and will be able to do in the near future, explains how a smartphone study could work practically given current technology (e.g., in studying ovulatory cycle effects on women’s sexuality), discusses some limitations and challenges of smartphone research, and compares smartphones to other research methods.

{ SAGE | PDF }

photo { Tamir Sher }

Human beings are motivated to form and maintain interpersonal relationships. In this context, self-presentation and self-disclosure have been described as strategies to initiate the formation of relationships: Especially in early stages, people have to attract the attention of others by means of self-presentational behavior. Therefore, presenting him- or herself in a positive and elaborated way can be seen as one way to establish new contacts and thereby satisfy the so-called need to belong. The term “impression management” aptly describes this strategy “to convey an impression to others which it is in his interests to convey.” In real-life situations, these impression management behaviors consist of intentional verbal communication (speech, written texts) as well as of possibly unintentional nonverbal expressions.

Nowadays, with the help of social networking sites (SNS) on the Internet such as Facebook, further possibilities are given to present oneself to others: Users can, for instance, upload photographs, join groups, and provide personal information. Thus, each profile owner can make use of these specific features by selecting information which presents him/her in a positive and attractive manner. This online impression management can therefore also be useful to attract potential partners. According to previous studies on Web 2.0, self-presentation is one of the major motives for using these websites, besides communicating with friends and finding new contacts. […]

An analysis of 100 online profiles showed that singles disclosed more photographs of themselves on their profiles than people in relationships. The highest numbers of friends and wall postings were shown by people who did not reveal their relationship status. Singles displayed more groups on their profile and were more likely to join user groups dealing with parties, sexual statements as well as fun and nonsense.

{ Cyberpsychology | Continue reading }

Nokia accuses Apple of bias after Siri no longer says that the Lumia 900 is the best smartphone ever

Until recently Siri had responded that the best smartphone was the newly-released Nokia Lumia 900, although this is no longer the case. […] If you now ask the question, Siri responds tongue-in-cheek “Wait… there are other phones?”

{ TechWeek | Continue reading }

Photographers: you’re being replaced by software

For the first time in history, photography is about to lose control of its monopoly on affordable, convincing realism and it’s time for us to understand that realism has never been the most important feature of the photograph.

{ Photo Journal | Continue reading }

New York City agency pushes plan to prevent cyberattacks on elevators, boilers

What would happen if an attacker broke into the network for the industrial control systems for New York City’s elevators and boiler systems and decided to disrupt them?

“You could increase the speed of how elevators go up or down,” says Steve Ramirez, business analyst, analysis and communications in the Office of the CIO of the New York City Housing Authority (NYCHA), which provides public housing for low- to moderate-income families in the five boroughs of the city. And if attackers ever successfully penetrated the network-based industrial control systems (ICS) for the boilers, they could raise the heat levels for municipal boilers, causing them to explode.

{ Network World | Continue reading }

photo { Bill Sullivan }

{ Anything, including liquid water, can be a touch-screen thanks to a new sensory system designed by a scientist from Disney Research | TPM | full story }

We’ve been told by the New York Times, you know, the newswpaper of record, that Apple only paid a 9.8% tax rate last year.

As it stands, the company paid cash taxes of $3.3 billion around the world on its reported profits of $34.2 billion last year, a tax rate of 9.8 percent.

This really is the most gargantuan ignorance on their part.
The $3.3 billion has nothing, nothing at all, to do with the $34.2 billion: something which any accountant at all could have told them.

{ Forbes | Continue reading }

related { For every $1 Google spends lobbying, Apple spends 10¢ }

Employees are often required to cede the rights to their designs and inventions to their employers. But Twitter Inc. has recently upended that tradition by drafting a policy that will put control over how such patents are enforced into the hands of its engineers and employees. […]

Come Lague, the chief executive of Zetta Research, which buys patents from failed start-ups and sells them to other companies, believes Twitter’s new policy could affect the value of its own patents.

{ WSJ | Continue reading }

{ Apple auto-disables outdated versions of Flash Player in latest software update. The move appears to be welcomed by Adobe. }

Tel Aviv University research finds that smart phone users develop new concepts of privacy in public spaces. […]

Smart phone users are 70 percent more likely than regular cellphone users to believe that their phones afford them a great deal of privacy, says Dr. Toch, who specializes in privacy and information systems. These users are more willing to reveal private issues in public spaces. They are also less concerned about bothering individuals who share those spaces, he says.

{ American Friends of TAU | Continue reading }

painting { Rogier van der Weyden, Portrait of a Woman, c. 1460 }

What, you didn’t know the Internet was self-destructing? Well it is.

Bufferbloat, my #1 prediction from 2011, is an artifact of cheap memory and bad planning in the Internet Age. In order to keep our porn streaming without interruption we add large memory buffers in applications, network cards or chipsets, routers, more routers, and even more routers until the basic flow control techniques of the TCP protocol are completely overwhelmed. Data glugs through the system like a gas can with no vent.  Our solution to date has been to make our pipes (and therefore our glugs) bigger, but in the long run that won’t help. Latency increases and performance declines.

Many Internet users are unaware of bufferbloat because it has been masked by faster computers and bigger pipes and because it sneaked up on us slowly over time. But here’s a test. Think back to your first broadband cable or DSL Internet connection, right after you finally got rid of dial-up. How much faster is your Internet connection today than it was back then?  Don’t think in terms of numbers but of subjective performance.  It’s not much faster at all, is it? That’s bufferbloat.

{ Cringely | Continue reading }

{ A new anti Wi-Fi wallpaper, developed by french scientists, will go on sale in 2013 }