Month: May 2016

(credit: Garrett Ewald)

The investigation into the attempted $1 billion electronic heist at the Bangladesh central bank has expanded to as many as 12 more banks that all use the SWIFT payment network.

Security firm FireEye, investigating the hack, has been contacted by numerous other banks, including some in New Zealand and the Philippines. While most of the attempted transfers in the original heist were cancelled, some $81 million was sent to the Philippines and subsequently laundered through casinos. The SWIFT organization in a statement said that some of these reports may be false positives, and that banks should rigorously review their computing environments to look for hackers.

Symantec, meanwhile, has corroborated earlier claims from BAE Systems that the hackers that stole from the Bangladesh central bank are linked to the hackers that have attacked targets in the US and South Korea since 2009, and that hacked Sony Pictures in 2014. The FBI claimed that those hackers were North Korean. Symantec's rationale is the same as that of BAE; malware found at the bank, Sony, and other victims, all appears to share common code for securely deleting files to cover its tracks.

(credit: NIAID)

Over the next day or so, you may see headlines and reports about a “nightmare” “superbug” that has been detected for the first time in the US.

So far, the Washington Post reports:
“The superbug that doctors have been dreading just reached the U.S.”
And the article starts with: “For the first time, researchers have found a person in the United States carrying bacteria resistant to antibiotics of last resort.”

CNN had a similarly alarming, but distinct headline:
“'Nightmare' drug-resistant bacteria CRE found in U.S. woman”

Theranos CEO and founder Elizabeth Holmes. (credit: Max Morse for TechCrunch)

Amid the looming possibility of federal sanctions and criminal charges, Theranos is now facing two lawsuits by patients who say they were duped into using the company’s blood testing services. Apparently, Walgreens also feels hoodwinked.

The pharmacy chain, which signed a blood testing deal with Theranos back in 2013, failed to vet claims about the company’s proprietary testing devices prior to getting into bed with the unproven startup, according to a report in The Wall Street Journal.

Walgreens made moves to try to get out of the deal after quality and accuracy problems at Theranos came to light last October. But, fearing breach-of-contract litigation that could open the door to Theranos getting billions in damages, Walgreens has yet to nix the partnership. They have, however, shelved plans to expand Theranos testing in Walgreens pharmacies. Currently, Theranos runs 45 “wellness centers” in Arizona and California, including 40 in Walgreens stores.

Enlarge

As Microsoft pats itself on the back for its crackdown on easily cracked passwords, keep this in mind: a quick check shows users still have plenty of leeway to make poor choices. Like "Pa$$w0rd" (excluding the quotation marks).

As a Microsoft program manager announced earlier this week, the Microsoft Account Service used to log in to properties such as Xbox Live and OneDrive Azure has been dynamically banning commonly used passwords during the account-creation or password-change processes. Try choosing "12345678," "password," or "letmein"—as millions of people regularly do—and you'll get a prompt telling you to try again. Microsoft is in the process of adding this feature to the Azure Active Directory so enterprise customers using the service can easily stop employees from taking security shortcuts, as well.

But a quick check finds it's not hard to get around the ban. To wit: "Pa$$w0rd1" worked just fine. And in fairness to Microsoft, Google permitted the same hopelessly weak choice.

SAN FRANCISCO—Following a two-week trial, a jury has found that Google's Android operating system does not infringe Oracle-owned copyrights because its re-implementation of 37 Java APIs is protected by "fair use."

The verdict was reached after three days of deliberation.

The verdict in Google's favor ends the trial, which began earlier this month. If Oracle had won, the same jury would have gone into a "damages phase" to determine how much Google should pay. Because Google won, the trial is over, although the result will surely be appealed.

The Falcon 9 rocket with its Thaicom payload on the launch pad in Florida. (credit: SpaceX)

Fresh off two straight launches and unprecedented water landings of its Falcon 9 rocket, SpaceX will try for a third sea-based landing this evening after it launches a 3,000kg Thaicom communications satellite to a supersynchronous transfer orbit. The two-hour launch window opens at 5:40pm ET (10:40pm BST). Weather is 90 percent "go" for a launch today.

Like a similar launch three weeks ago, the Thaicom mission will require the first stage of the Falcon 9 rocket to reach a high velocity relative to the Earth's surface before separating from its payload. "As with other missions going to geostationary orbits, the first-stage will be subject to extreme velocities and re-entry heating, making a successful landing challenging," the company stated in its mission overview.

SpaceX has now shown it can land in relatively benign reentry conditions, as it did in April after delivering a payload to the International Space Station and in "hot and fast" conditions as it did earlier this month. A successful landing tonight would prove that the company has taken a big step toward making sea-based rocket landings—if not routine—at least something that can be attempted with a reasonable expectation of success.

Apple's popular iMessages as used on an iPad. (credit: Robert S. Donovan)

Patent troll VirnetX, fresh on the heels of a $626 million FaceTime and iMessages patent victory over Apple, now wants a federal judge to permanently turn off those popular features.

VirnetX on Wednesday also asked the judge presiding over the litigation to increase the damages the East Texas jury awarded in February by another $190 million or more. Apple wants a retrial, claiming that VirnetX's lawyers misrepresented evidence to the jury and that the evidence presented at trial didn't support infringement. The gadget maker said it also should not have to pay royalties, according to Law360 (subscription required), which attended Wednesday's hearing (PDF).

Apple "argued that VirnetX is improperly trying to secure an overly broad injunction so that it can be used to extract a massive licensing fee," Law360 reported. Apple's documents connected to the issue are lodged under seal. However, VirnetX's post-trial demands (PDF) are in the public record.