IANS Blog RSS Feed

http://www.iansresearch.com

Poulin to CSO: We Hacked a Smart Building Using "Old-School" Techniques

- Thu, 11 Feb 2016 00:00:00 GMT

The "smarter" buildings get, the easier they are to hack? Maybe. IANS Faculty Chris Poulin, research strategist for IBM's X-Force ethical hacking team, recently spoke to CSO's Maria Korolov about a penetration test in which his team was able to gain access to all of the buildings operated by a building management company.

Privacy, Security Concerns Rise as States Mull Encryption Backdoor Requirements

- Wed, 27 Jan 2016 00:00:00 GMT

National Data Privacy Day (January 28th) certainly comes at an interesting time this year, as legislators in two of the most technology-centric U.S. states recently introduced similar bills that would force smartphone manufacturers to include encryption backdoors in their devices.

Fledgling Cyber-Insurance Market Tested by Early Denials, Lawsuits

- Wed, 20 Jan 2016 00:00:00 GMT

Cybersecurity insurance policies may be relatively new, but they have one important thing in common with established, legacy business coverage: They live and die in the fine print.

Hacker-Caused Ukrainian Power Outage Marks First Known Attack With Immediate, Direct Public Impact

- Tue, 05 Jan 2016 00:00:00 GMT

Security researchers have confirmed that a recently updated version of the highly destructive BlackEnergy malware package infected the systems of at least three power authorities in Ukraine, causing a massive outage that left thousands of homes in the Ivano-Frankivsk region of the country without electricity. 

Top 10 IANS Insights from a Tumultuous 2015

- Mon, 28 Dec 2015 00:00:00 GMT

Another year is in the books and what a year it was for infosec pros. From the Ashley Madison hack to the OPM breach, to Jeep commandeering and mysterious backdoors in popular networking gear, every week brought a new security twist that forced us all to keep our heads on swivels.

Herold: Misguided CISA Heightens Security, Privacy Concerns

- Mon, 21 Dec 2015 00:00:00 GMT

The controversial Cybersecurity Information Sharing Act (CISA) is now the law of the land, slipped into an eleventh-hour spending bill designed to keep the federal government running through 2016.

Patch Now: Rogue Code Leaves Gaping Hole in Juniper Gear

- Fri, 18 Dec 2015 00:00:00 GMT

Juniper Networks says unauthorized code could allow attackers to gain administrative access to its NetScreen appliances and decrypt VPN connections without leaving any trace of their actions. Users are urged to apply fixes immediately.

Poulin: Time to Realistically Acknowledge Vehicle Vulnerabilities

- Wed, 16 Dec 2015 00:00:00 GMT

The images and breathless banter were difficult to ignore: celebrity security researchers gaining remote command of an automobile, disrupting on-board systems before forcing the vehicle and its helpless driver into a ditch.

NIST to Infosec Pros: How Is Our Framework Working?

- Mon, 14 Dec 2015 00:00:00 GMT

The National Institute of Standards and Technology is asking infosec practitioners in the public and private sectors to comment on the efficacy of its cybersecurity framework as it prepares to update the popular, two-year-old document.

As Ransomware Attacks Evolve, Security Teams Must Prepare For New "Drive-By" Tactics

- Thu, 10 Dec 2015 00:00:00 GMT

Another week, another evolution of the popular ransomware attacks. When we last wrote about it, researchers had discovered a new iteration - "Linux.Encoder.1" - that enabled attackers to inject malware into Linux-powered websites and encrypt all files in the home and backup directories. Now, it appears the popular exploit kit Angler is being used to spread the latest version of CryptoWall and other ransomware on websites as part of "drive-by" campaigns that begin with the deployment of password-stealing malware.

Threats RSS Feed - Symantec Corp.

http://www.symantec.com/business/security_response/landing/threats.jsp

Trojan.Huntpos!gm

- Mon, 23 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Turla!gen4

- Mon, 23 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Cryptlock.AN!g2

- Mon, 23 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Redir

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Banswift!gen1

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Ransomcrypt.AT

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Lostdrat

- Sun, 22 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

JS.Dropper

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Ransomlock.AS

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Bayrob!gen8

- Mon, 16 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Heur.AdvML.D

- Wed, 18 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan, Virus, Worm.

Heur.AdvML.C

- Wed, 18 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan, Virus, Worm.

Heur.AdvML.B

- Wed, 18 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan, Virus, Worm.

JS.Downloader!gen20

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Ransomcrypt.AR

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Ransomcrypt.AS

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Cryptlock.AH!g1

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Cryptolocker.AP

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Ransomcrypt.AQ

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Wortrik

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Android.Cepsohord

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Packed.Generic.505

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Ranscrypt.AP!gm

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Ransomcrypt.AP

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Cryptlock.N!g7

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Ranslock.AQ!g1

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

W97M.Downloader.I

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Ransomcrypt.AN

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Ransomcrypt.AO

- Tue, 10 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Exp.CVE-2016-1015

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Exp.CVE-2016-1016

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Exp.CVE-2016-1017

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

SONAR.Qakbot!g1

-

Risk Level: Very Low. Type: Trojan, Virus, Worm.

Backdoor.Duuzer.B

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Backdoor.Tronariv

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Jakubot

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

SONAR.Heur.RGC!g108

- Tue, 3 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan, Virus, Worm.

SONAR.Heur.RGC!g136

- Tue, 3 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan, Virus, Worm.

SONAR.Heur.RGC!g147

- Tue, 3 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan, Virus, Worm.

SONAR.Heur.RGC!g185

- Tue, 3 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan, Virus, Worm.

SONAR.Heur.RGC!g90

- Tue, 3 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan, Virus, Worm.

SONAR.Heur.RGC.CM!g13

- Tue, 3 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan, Virus, Worm.

SONAR.Heur.RGC.DL!g5

- Tue, 3 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan, Virus, Worm.

SONAR.MSWord!g3

- Tue, 3 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan, Virus, Worm.

SONAR.Trafic2.RGC!g8

- Tue, 3 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan, Virus, Worm.

SONAR.SuspBeh!gen57

- Tue, 3 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan, Virus, Worm.

PHP.Fioesrat

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Ransomcrypt.AM

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

VBS.Backbat

- Mon, 2 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan, Virus.

Trojan.Ransomcrypt.AL

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Ransomlock.AQ

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Pekelog

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Adupihan

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Godmodir

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Prociy

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Downloader.Exopire

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Backdoor.Etumbot

- Tue, 26 Apr 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Exedapan!gm

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Exp.CVE-2016-2347

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Infostealer.Boyapki.E

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Cryptolocker.AO

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Trojan.Banswift

- Fri, 20 May 2016 00:00:00 +0000

Risk Level: Very Low. Type: Trojan.

Security News Headlines - Yahoo! News

http://news.yahoo.com/security/

Clinton email probe in late stage, FBI may question her

- Tue, 24 May 2016 03:19:14 -0400

In this photo taken Dec. 19, 2015, Huma Abedin, center, aide to Hillary Clinton, stands on stage after a Democratic presidential primary debate in Manchester, N.H. FBI agents probing whether Hillary Clinton's use of a private email server imperiled government secrets appear close to completing their work, a process experts say will likely culminate in a sit-down with the former secretary of state. (AP Photo/Jim Cole)

WASHINGTON (AP) - FBI agents probing whether Hillary Clinton's use of a private email server imperiled government secrets appear close to completing their work, a process experts say will probably culminate in a sit-down with the former secretary of state.


Soccer-Lewandowski has score to settle on biggest stage

- Mon, 23 May 2016 22:01:51 -0400

By Adrian Krajewski WARSAW, May 24 (Reuters) - Poland's Robert Lewandowski has chalked up so many big-game landmarks during his club career that the 27-year-old seems overdue a major tournament performance with his country. Few strikers in Europe can match his astonishing scoring record which will leave Germany particularly wary of facing the Bundesliga's leading scorer when the two countries meet at Euro 2016. For the last six years, since joining Borussia Dortmund and then Bayern Munich, goals have come readily.

Ocean's 100: Thieves steal $12.7 million from ATMs in just three hours

- Mon, 23 May 2016 21:00:29 -0400

The Ocean's 11 movies are spectacular stories about crazy heists that take lots of effort, careful planning and just a touch of skillful improvisation to pull off. But it turns out that jobs like this exist in real life, too. And they're equally impressive. A few days ago, 100 coordinated thieves stole no less than $12.7 million (1.4bn yen) from ATMs. The entire thing took just three hours, and no suspect has been apprehended since then. According to The Guardian, the operation was orchestrated by an organized crime ring. 100 people targeted 1,400 ATMs and used fake credit cards that contained details stolen from an unidentified South African bank. Thieves stole precisely 100,000 yen per withdrawal. That means each card was used only for a single transaction worth around $914, but the grand total was just under $13 million. The thieves started withdrawing cash on Sunday, May 15th, at 5:00AM, completing the entire process just before 8:00AM. They targeted cash machines in Tokyo and 16 other districts. Because it was a day when banks were closed and the cards used belonged to a bank in a different country, it took a while before the caper was discovered. That was probably enough time for the members of the gang to have left Japan without being in any danger of getting caught by police. It's unclear at this time who was behind the heist, what bank's security was cracked, or who stole the credit card data to manufacture the fake credit cards.

Bangladesh Bank heist trail goes cold in Manila as probes falter

- Mon, 23 May 2016 19:07:07 -0400

A slot machine is pictured at Solaire Casino in Pasay City, Metro Manila

By Raju Gopalakrishnan MANILA (Reuters) - More than three months have passed since $81 million was stolen in a brazen cyber-heist from Bangladesh's central bank and sent to Manila - yet authorities in the Philippines appear no closer to nabbing those who laundered most of the money through a bank and casinos here. Nobody has been arrested, the National Bureau of Investigation (NBI) - the nation's equivalent of the FBI - has not been allowed to get fully involved in the probe, and a Philippines Senate investigation petered out last week. Several official and private investigators said they had hoped to make headway by following the money trail in the Philippines, but they told Reuters it has gone cold.


NY lawmaker warns on U.S. financial security after SWIFT attacks

- Mon, 23 May 2016 19:01:29 -0400

Photo illustration of the SWIFT logo

Recent hacks of international banks through the SWIFT messaging system raise serious questions about cyber-related risks to U.S. firms, Representative Carolyn Maloney wrote on Monday in a letter to the country's top banking regulators that asked about measures to strengthen systems' security. Maloney, a Democrat who represents part of Manhattan - home to many people employed in finance and banking - wrote to Federal Reserve Chair Janet Yellen, U.S. Comptroller Thomas Curry and Federal Deposit Insurance Corporation Chairman Martin Gruenberg that she remains "deeply concerned about U.S. banks' exposure to these new, sophisticated cyber attacks." The SWIFT network that allows banks to process billions of dollars in transfers each day is considered the backbone of international banking.


Whatever you do, don't buy these smartphones

- Mon, 23 May 2016 18:00:18 -0400

There is nothing in consumer tech right now that's as hot as the smartphone market, even as it nears saturation in many regions, and the real beauty of it is that there are so many options. Every company out there wants a piece of the action and they're all looking for ways to differentiate their products, so there really is something for everyone. It's not easy to make a choice that can truly be considered wrong since different people have different needs and wants, but there is one line of smartphones that people probably shouldn't bother with unless they have a burning desire to dump hundreds of dollars into a dead platform. As noted by market research firm Gartner, Windows Phone's share of the global smartphone market actually fell below 1% this past quarter for the first time ever, marking yet another stop on Microsoft's one-way trip to smartphone irrelevance. As such, the worst mistake you can make when buying a new phone is to buy a Windows Phone, unless you're fine with burning cash on a platform that's on its way out. Actually, there is one smartphone platform that somehow has an even lower share of the global market - BlackBerry OS - but it's so low that it's not even worth discussing anymore. According to Gartner's estimates, smartphone shipments grew 3.9% in the first quarter of 2016 compared to the same quarter one year earlier. That seems like a small figure, but it's pretty impressive when you consider how far iPhone sales fell between January and March. Gartner says total "smartphone sales," which is a figure that actually includes end-user iPhone sales and estimated channel sales for other brands, reached 349 million units in the quarter. Samsung led the way with estimated shipments totaling 81 million units, which is indeed a massive number that was bolstered by the launch of the Galaxy S7 and Galaxy S7 edge.
Chinese Android brands grew too fast in the quarter though, so Samsung's global market share actually fell to 23.2% in the first quarter from 24.1% in the same quarter last year. Meanwhile, Apple's global smartphone market share saw a much bigger drop, from 17.9% in Q1 2015 to 14.8% in Q1 2016. "In a slowing smartphone market where large vendors are experiencing growth saturation, emerging brands are disrupting existing brands' long-standing business models to increase their share," said Gartner research director Anshul Gupta. "With such changing smartphone market dynamics, Chinese brands are emerging as the new top global brands. Two Chinese brands ranked within the top five worldwide smartphone vendors in the first quarter of 2015, and represented 11 percent of the market. In the first quarter of 2016, there were three Chinese brands - Huawei, Oppo and Xiaomi - and they achieved 17 percent of the market."

Correction: Campaign 2016-Foreign Hacking story

- Mon, 23 May 2016 11:30:08 -0400

FILE - In this Feb. 9, 2016 file photo, Director of the National Intelligence James Clapper speaks on Capitol Hill in Washington. Clapper said Wednesday, May 18, 2016, that the U.S. has already seen evidence that cyber hackers, possibly working for foreign governments, are snooping on the presidential candidates, and government officials are working with them to tighten security as they expect the problem to grow as the campaigns intensify. (AP Photo/Alex Brandon, File)

WASHINGTON (AP) - In a story May 18 about possible foreign hacking into presidential campaigns, The Associated Press used the wrong configuration for the name of the chief executive officer of PKWARE. His name is V. Miller Newton, not V. Newton Miller.


Hackers probe defenses of Middle East banks: FireEye

- Mon, 23 May 2016 06:27:21 -0400

A magnifying glass is held in front of a computer screen in this picture illustration taken in Berlin

Hackers are probing the defenses of banks in the Middle East, targeting employees with infected emails which gather information about the banks' network and user accounts, FireEye researchers said. FireEye, a U.S. cyber security company investigating the February attack on Bangladesh's central bank in which hackers stole $81 million, said there was no apparent connection with the heist or related attacks on banks in Ecuador and Vietnam. A FireEye spokesman said Qatar National Bank was not one of the "several banks" in the Middle East where researchers had found the malware.


To halt smartphone slide, Samsung rewrites playbook

- Sun, 22 May 2016 22:45:21 -0400

File photo of a model posing for photographs with Samsung Electronics' new smartphone Galaxy S7 during its launching ceremony in Seoul

By Se Young Lee SEOUL (Reuters) - From the way it chooses smartphone components to the models it brings to market, Samsung Electronics has undergone a painful process of breaking from its past to reverse a slide in its handset business. For example, the world's largest smartphone maker agonized over camera specs for its flagship Galaxy S7 until the last moment - ultimately defying industry convention by opting for fewer pixels in exchange for improved autofocus features and low-light performance, a move that contributed to early success. "We've now gotten to a point where we can secure a baseline profit even if the market stagnates, so long as we don't make a bad mistake," said Kim Gae-youn, vice president in charge of Samsung's smartphone product planning.


Apple CEO Cook, Indian Prime Minister Modi meet in New Delhi

- Sat, 21 May 2016 08:52:12 -0400

FILE - In this April 30, 2015 file photo, Apple CEO Tim Cook responds to a question during a news conference at IBM Watson headquarters, in New York. Apple CEO Tim Cook laid out his company's plans for the vast Indian market in a meeting Saturday, May 21, 2016, with Prime Minister Narendra Modi, who in turn sought Apple's support for his "Digital India" initiative focusing on e-education, health and increasing farmers' incomes. (AP Photo/Richard Drew, File)

NEW DELHI (AP) - Apple CEO Tim Cook laid out his company's plans for the vast Indian market in a meeting Saturday with Prime Minister Narendra Modi, who in turn sought Apple's support for his "Digital India" initiative focusing on e-education, health and increasing farmers' incomes.


SWIFT tells banks to share information on hacks

- Fri, 20 May 2016 19:26:31 -0400

Photo illustration of the SWIFT logo

By Tom Bergin LONDON (Reuters) - International financial messaging service SWIFT told clients on Friday to share information on attacks on the system to help prevent hacking, after criminals used SWIFT messages to steal $81 million from the Bangladesh central bank. Earlier on Friday, Reuters reported that Wells Fargo, Ecuador's Banco del Austro (BDA) and Citibank, whose managing director, Franchise Risk & Strategy, Yawar Shah, is SWIFT's chairman, did not inform SWIFT of an attack last year in which more than $12 million was stolen from BDA. The network is considered the backbone of international finance but faith in its security has been rocked by the theft from Bank Bangladesh's account at the Federal Reserve Bank of New York.


Macedonian extradited to face U.S. charges on selling card data

- Fri, 20 May 2016 18:23:22 -0400

By Nate Raymond NEW YORK (Reuters) - A Macedonian citizen was extradited to the United States on Friday to face charges related to his operation of a website called Codeshop that authorities say was responsible for selling the data of thousands of credit cards from around the world. Djevair Ametovski, 29, was arrested in Slovenia in 2014 and was extradited from there to face charges including aggravated identity theft and wire fraud conspiracy contained in a criminal complaint filed in federal court in Brooklyn, New York. Ametovski, who authorities say was known online as "codeshop," "sindrom" and "sindromx," is expected to appear in court on Saturday, prosecutors said.

Banks are helping hackers pull off the perfect heist

- Fri, 20 May 2016 15:30:12 -0400

News broke in February that hackers were able to steal no less than $81 million from the Bank of Bangladesh in what many described as a perfect heist. Well, maybe it wasn't perfect, as a silly spelling mistake prevented the culprits from walking away with nearly $1 billion. But the sophisticated attack worked almost flawlessly as the hackers were able to take advantage of the backbone of financial transactions, after infiltrating the bank's systems. It turns out that the Bangladesh attack wasn't an isolated event. Hackers have attacked other banks as well in the past using the same methods. New reports show that some of these attacks could have been prevented, but only if banks were willing to share more details about these attacks with the SWIFT organization. Apparently, the financial institutions aren't just worried that they're going to lose the trust of customers, but also that they might generate additional inquiries into their security systems from local regulators. And nobody wants that. The Bangladesh heist wasn't even the first one, and it likely won't be the last. Two others have been discovered in recent months; an unsuccessful attack in Vietnam using the same technique was thwarted in December last year, months before the Bangladesh bank was hit. But in mid-January 2015, more than a year before hackers stole the $81 million from Bangladesh, the Banco del Austro (BDA) in Ecuador was the victim of a similar attack. Over a period of 10 days, criminals used SWIFT credentials swiped from a bank employee to modify transaction details, including sums and recipients, for 12 transfers amounting to over $12 million. The security of SWIFT itself was not breached, but hackers used advanced malware to steal credentials and cover their tracks.
The crime remained a secret for a long time, Reuters and The Wall Street Journal report, but BDA decided to sue Wells Fargo, the bank that approved the transfers. It turns out that SWIFT had no idea about the security breach, as neither BDA nor Wells Fargo shared details about it with the Belgian body that oversees wire transfers. SWIFT is urging partner banks to disclose similar attacks so that better defenses can be set up. But what's clear so far is that hackers have found ways to take advantage of this secure money transfer system that banks take for granted. And financial institutions are helping them by not disclosing hacks to SWIFT or to other banks. If a wire comes through via the SWIFT messaging system, banks act according to the information received and honor the transfer. That's what Wells Fargo is arguing in its defense, which seeks to have the case dismissed. BDA, meanwhile, says that Wells Fargo should have seen the flags and stopped the transactions.

Cyber thieves exploit banks' faith in SWIFT transfer network

- Fri, 20 May 2016 15:11:38 -0400

Photo illustration of the SWIFT logo

By Tom Bergin and Nathan Layne LONDON/CHICAGO (Reuters) - Shortly after 7 p.m. on January 12, 2015, a message from a secure computer terminal at Banco del Austro (BDA) in Ecuador instructed San Francisco-based Wells Fargo to transfer money to bank accounts in Hong Kong. Over 10 days, Wells approved a total of at least 12 transfers of BDA funds requested over the secure SWIFT system. The SWIFT network - which allows banks to process billions of dollars in transfers each day - is considered the backbone of international banking.


Factbox: How do bank payments work in the euro zone?

- Fri, 20 May 2016 13:53:52 -0400

Cyber attacks on banks from Bangladesh to Ecuador are raising questions about the security of the global payment system and one of its key components, the SWIFT messaging network. Following is a basic explanation of how bank payments work in the euro zone: WHAT HAPPENS WHEN I MAKE A PAYMENT? Most bank payments in the euro zone are settled via the Target 2 payment system, owned and managed by the European Central Bank and the national central banks (NCBs) of euro zone countries.

Hackers in Ukraine and Frog Juice in the Andes: The Week in Global-Affairs Writing

- Fri, 20 May 2016 12:31:11 -0400

The Ukrainian Hacker Who Became the FBI's Best Weapon - and Worst Nightmare. Kevin Poulsen | WIRED. "One Thursday in January 2001, Maksym Igor Popov, a 20-year-old Ukrainian man, walked nervously through the doors of the United States embassy in London. While Popov could have been mistaken for an exchange student applying for a visa, in truth he was a hacker, part of an Eastern European gang that had been raiding U.S. companies and carrying out extortion and fraud. A wave of such attacks was portending a new kind of cold war, between the U.S. and organized criminals in the former Soviet bloc, and Popov, baby-faced and pudgy, with glasses and a crew cut, was about to become the conflict's first defector."

Change your LinkedIn password right now

- Fri, 20 May 2016 11:04:44 -0400

Remember when LinkedIn was hacked a few years ago and the company confirmed that login credentials and other data belonging to 6.5 million accounts were stolen? Well, it turns out that figure might have been a little low. OK it was very, very low - it looks like hackers managed to steal data from not 6.5 million, and not even 65 million, but just over 165 million accounts. In other words, it's time to change your LinkedIn password immediately. LeakedSource updated an earlier report on Thursday night with the news that username and password data from a grand total of 167,370,910 accounts have now been obtained by the site. Those credentials are actively being sold on the black market, which means that impacted users are at risk. Wondering how to figure out if you're one of the LinkedIn users impacted by this massive breach? Well, stop trying to figure it out and just change your password immediately. Seriously, change it right now. It's always a good idea to change your passwords regularly and to never, ever use the same password for two different accounts. And no, you shouldn't paste all those different usernames and passwords into a plain text file so you can remember them. Instead, use a secure password manager that can sync your passwords across all devices and keep them safe but easily accessible. We highly recommend 1password. Speaking of bad password practices, LeakedSource has published a table showing the most commonly used passwords on LinkedIn and it's just as bad as you think it might be. The most commonly used password is "123456" - cringe - and it was found on 753,305 accounts. The second most common password was "linkedin" - cringe again - which was used on 172,523 different accounts, and then "password" - seriously, we give up - on 144,458 accounts.
Here's a top-10 list for you: Hopefully your password doesn't appear on that list but either way, you would be wise to change your LinkedIn password immediately.

Samsung to partner with Alibaba affiliate on mobile payments in China

- Fri, 20 May 2016 03:05:52 -0400

Sales assistant sits behind and under Alipay logos at a train station in Shanghai

Samsung Electronics said it had struck a deal with an Alibaba Group Holding affiliate for owners of its phones to be able to more easily make payments with Alipay accounts - a move it hopes will boost sales in the world's biggest smartphone market. Users of Samsung Pay will also have the option of paying with their Alipay accounts without having to separately access the Alipay application. Alipay, which is operated by Alibaba affiliate Ant Financial Services Group [ANTFIN.UL], has 450 million active registered users.


Old ATM malware is back and infecting machines everywhere

- Thu, 19 May 2016 21:00:33 -0400

An old piece of ATM malware is back, and reportedly more dangerous and harder to detect than ever. According to security researchers from Kaspersky Labs, an updated piece of malware dubbed Skimer has infected numerous Windows-based ATMs across all corners of the globe. When installed, the updated version of Skimer checks to see if the file system is FAT32 or NTFS. If it's the former, it "drops the file netmgr.dll in the folder C:\Windows\System32" and if it's the latter, "the same file will be placed in the NTFS data stream corresponding to the XFS service's executable file." The end result is that the malware is harder for security officials to detect and make sense of. The Stack adds: Unlike other skimming malware programs, like Tyupkin, which becomes active in a specific time frame and is awakened by a "magic code", Skimer may lie dormant for months until it is activated with the physical use of a "magic card." The magic card gives access control to the malware, which then offers a list of options that are accessed by inputting a choice on the pin pad. Once an ATM is compromised and the Skimer malware resuscitated from its dormant state, cyber criminals can gather pertinent financial data from inserted cards and can even direct the machine to dispense money. And in an additional step to evade detection, the malware can even be instructed to self destruct. A view of the Skimer malware in action, courtesy of Kaspersky, can be viewed below. https://www.youtube.com/watch?v=hOcFy02c7x0

Google Daydream VR vision: With opportunity comes challenges

- Thu, 19 May 2016 15:30:01 -0400

NEW YORK (AP) - Upcoming virtual-reality headsets based on Google's new Daydream VR system could give more people a taste of VR and make better games and applications affordable.


Top Democratic senator probes SWIFT, NY Fed about Bangladesh heist

- Thu, 19 May 2016 13:59:45 -0400

The Senate Homeland Security Committee's top Democrat sought information Thursday from global financial network SWIFT and the Federal Reserve Bank of New York on steps being taken to bolster cyber security in the wake of the theft of $81 million from the central bank of Bangladesh. Senator Tom Carper of Delaware requested that both answer questions and brief his staff by June 17 on how they were handling issues following the February heist, during which hackers wired money out of an account at the New York Fed held by Bank Bangladesh, as well as how they were safeguarding against other potential cyber threats. "These cyber attacks raise important questions about the security of the SWIFT system and the ability of its members to prevent future attacks," Carper wrote in his letters.


China's high-tech future emerges in factory town Shenzhen

- Thu, 19 May 2016 11:09:41 -0400

SHENZHEN, China (AP) - Forget Beijing and Shanghai. China's economic future is emerging in Shenzhen.


Singapore banks' group invites SWIFT to discuss cyber attacks

- Thu, 19 May 2016 06:48:07 -0400

The Association of Banks in Singapore (ABS) has invited SWIFT for a meeting in June to discuss the latest cyber attacks on banks in Bangladesh and Vietnam which involved SWIFT's financial messaging service. The move comes as members of ABS, which include Singaporean and foreign banks, have individually engaged the Society for Worldwide Interbank Financial Telecommunication (SWIFT) since news of the attacks emerged, it said. "ABS, for its part, has invited SWIFT to a meeting in early June to share its experience in managing the incidents in Bangladesh and Vietnam," it said in an email to Reuters.


Bangladesh Bank official's computer was hacked to carry out $81 million heist: diplomat

- Thu, 19 May 2016 05:51:10 -0400

A Bangladeshi central bank official's computer was used by unidentified hackers to make payments via SWIFT, and carry out one of the biggest-ever cyber heists, a Bangladeshi diplomat said on Thursday at the end of a Philippine Senate inquiry. There were certain indications about who the hackers were, Bangladesh Ambassador John Gomes told a panel looking into how the $81 million in stolen money ended up in the Philippines, citing information shared by the U.S. Federal Bureau of Investigation. Gomes said the hackers were neither in the Philippines nor in Bangladesh, but he had no other information.


Is it safe to use the free Wi-Fi at Starbucks?

- Wed, 18 May 2016 23:27:44 -0400

Walk by any Starbucks within 100 miles of your house and chances are that you'll see several people sitting at a table, drinking coffee and enjoying the free Wi-Fi. Starbucks and free Wi-Fi have become synonymous with one another over the past few years - one unable to exist without the other - but the next time you log on to a public coffee shop hotspot, you might want to consider the risks you're taking. Someone on Quora posed the following question: "How safe is WiFi at Starbucks?" Of course, there's nothing special about the Wi-Fi at Starbucks specifically, but it's a place where nearly everyone has connected at some point. Here's what network engineer Brent Saner has to say about it: "It doesn't matter if Starbucks is on WPA, WPA2, WEP (which is incredibly easy to break. give me 1-4 hours or less and close enough distance to a wifi antenna, I'll break your WPA2... but give me 15 minutes and I'll break your WEP. If you have WPS enabled? 5 minutes - no matter if you use WPA/WPA2 or WEP)... All that does not matter if it's for a Starbucks AP. It might as well be open. Hotspots are *intended* to be accessed by the public." He then goes into great detail about exactly how he would break into the network and what he might be able to access on your device if he's successful. On the other hand, computer security engineer David Seidman explains that being targeted on a random hotspot is unlikely: "However, the truth is that most users will never be targeted because such an operation is risky and, more importantly, time consuming for the attacker, because the attacker needs to be physically present. Most attackers prefer to operate remotely so they can hit more victims faster. If you are being individually targeted by an intelligence agency, then you might want to worry - but this is the least of your concerns." So is Starbucks' Wi-Fi safe to use? Not entirely, but you shouldn't let that keep you from logging on and getting some work done the next time you visit.

Exclusive: UK banks ordered to review cyber security after SWIFT heist

- Wed, 18 May 2016 23:00:43 -0400

By Andrew MacAskill and Jim Finkle LONDON (Reuters) - The Bank of England ordered UK banks to detail steps taken to secure computers connected to the SWIFT bank messaging network about two months after a still-unidentified group used the system to steal $81 million from Bank Bangladesh, according to three people familiar with the effort. The central bank sent the request to update cyber security measures to all banks it regulates in mid-to-late April, according to these people, who were not authorized to discuss the confidential communications. The previously unreported action marks the earliest known case of a central bank in a major economy to order its member banks to conduct a formal security review in response to the Bangladesh theft, which has shaken the global system for transferring money among both commercial and central banks. The Bank of England, one of the G10 central banks that oversee Brussels-based SWIFT, said it had no immediate comment.


Hong Kong launches fresh plan to fortify cyber security after SWIFT heist

- Wed, 18 May 2016 22:48:25 -0400

Hong Kong's central bank has launched a new program to strengthen lenders' ability to protect their critical technology systems after recent attacks by unidentified groups on a global messaging system used by the financial community. The Hong Kong Monetary Authority's latest measure, known as the "Cybersecurity Fortification Initiative (CFI)," plans to raise the level of cybersecurity at banks in Hong Kong through a three-pronged approach and follows similar steps taken by its counterparts from London to Vietnam. The FBI, authorities in Dhaka and private forensic experts are investigating the February cyber heist in Bangladesh where thieves raided a central bank account kept at the Federal Reserve Bank of New York, stealing $81 million.


Hackers target presidential campaigns: U.S. spy chief

- Wed, 18 May 2016 19:44:51 -0400

By Dustin Volz and Mark Hosenball WASHINGTON (Reuters) - U.S. presidential campaigns face threats from hackers bent on espionage and other activity more nefarious than mere political mischief, the office of U.S. National Intelligence Director James Clapper said on Wednesday, but did not provide details on specific intrusions. "We're aware that campaigns and related organizations and individuals are targeted by actors with a variety of motivations - from philosophical differences to espionage - and capabilities - from defacements to intrusions," Clapper's spokesman, Brian Hale, said in a statement, deferring to the FBI for details on specific incidents. Earlier, Clapper said the U.S. intelligence community had "already had some indications" of hacking attempts against presidential campaigns.


The Latest: Google seen ahead in some areas, not so in others

- Wed, 18 May 2016 16:58:46 -0400

MOUNTAIN VIEW, Calif. (AP) -


Google's VR play is all about content, not hardware

- Wed, 18 May 2016 16:33:29 -0400

The big arguments in VR right now are all about hardware: Oculus Rift vs HTC Vive, Gear VR against a phantom Apple VR, Playstation VR against... something. Google was widely expected to wade into the fray this afternoon with some kind of standalone VR headset, or at least a direct Gear VR competitor. Instead, the company glossed over "reference hardware" specs it's providing to other manufacturers. But that's because Google's trying to position itself somewhere quite different in the developing VR market: As the go-to place for content. Daydream is Google's new home for everything VR. It lives as part of the upcoming Android N update, and will use powerful smartphones slotted into third-party-manufactured headsets to show you all types of content. It's going to be a much more sophisticated version of Cardboard, Google's current toe-dip into the VR marketplace. Google envisions Daydream as a one-stop shop for all your VR needs. Inside the platform, there will be redesigned Google apps tailored for VR, and even a dedicated Google Play Store for VR. Big-name content providers like HBO and Netflix are already on board, IMAX will be bringing wide-screen movies to Daydream, and even the likes of NBA and MLB are going to build in content. Gaming is another big area of focus, with Ubisoft, EA and the makers of EVE: Online all signed up as partners. I know what you're thinking -- none of this is radically different to what Samsung is doing with Gear VR, tying in partners to build apps and develop content. But it's worth remembering that we're talking about Android and Google here, a platform and company that have a much wider reach than Samsung. Although Samsung has a clear head start, Google is working hard to make its platform more appealing by integrating a Play Store, Play Movies and even a bespoke version of Street View into Daydream. https://youtu.be/Uc2R0W-JjQA Right now, Daydream is just a series of specs on paper. But Samsung, HTC, Huawei, LG, ZTE and Asus have all committed to building Daydream-compatible handsets in the near future. That's very nearly a clean sweep of the major Android manufacturers (Hi, Motorola!). So by this time next year, nearly every major flagship Android phone on the market will be Daydream-compatible. Cardboard VR has been a success because it put VR into the hands of millions of smartphone owners, people who wouldn't have shelled out for an Oculus Rift. Provided that the headset and controllers aren't too expensive, Daydream could do the same thing, but with much higher-quality VR, and a dedicated library of Google apps to choose from. If everything works according to plan, Daydream becomes the biggest VR platform and the No. 1 target for developers and content makers working in VR. Once that happens, well -- Google will be sitting pretty as the go-to platform for the next generation of making content. Not bad, for a company whose only VR headset is made of cardboard.

Google unveils a new virtual reality platform called "Daydream"

- Wed, 18 May 2016 14:23:33 -0400

Google I/O is well underway and the search giant has already revealed a number of compelling hardware and software announcements. Just a few moments ago, Google announced some exciting new Virtual Reality developments with the introduction of a new VR platform called Daydream. So while we didn't get the standalone VR headset that was previously rumored, Daydream still has a lot of interesting surprises in store for us. Designed as a platform built atop Android N, Google's ambition with Daydream is to foster the creation of a broad and all-encompassing ecosystem. Consequently, Google relayed that it has developed reference specifications for manufacturers who wish to create Daydream-capable smartphones, apps, and headsets. And speaking of apps, Google said that the type of apps Daydream is intended to support extends beyond gaming and will include apps like HBO Now, Netflix, and MLB's beloved MLB.com app. And not surprisingly, Google also plans to bring its own homegrown apps like YouTube and Google Photos to the VR party. While the launch of Daydream-ready phones isn't right around the corner, the release of a new virtual reality platform signals that the search giant is willing to throw a considerable amount of resources behind the impending VR revolution. Now if any of this sounds familiar, it's because Google's strategy here is effectively similar to what it achieved with Android. Fortune astutely observes: When it comes to hardware, Google is late to the VR party. Still, [Clay] Bavor insists that its impact could be the most significant. By creating both the software and the hardware for VR (but allowing partners to make their own versions), Google is copying its own playbook for Android, the world's top mobile operating system. Samsung and HTC, two major Android phone manufacturers, will develop Daydream-ready phones. Gaming giants Ubisoft and Electronic Arts will create Daydream-ready VR games. Other hardware manufacturers committed to developing Daydream-ready smartphones include Asus, LG, ZTE, Alcatel, Xiaomi and Huawei. A quick cut of what Google's VR utopia looks like can be seen below. https://www.youtube.com/watch?v=Uc2R0W-JjQA

Foreign Hackers May Be Targeting U.S. Presidential Candidates

- Wed, 18 May 2016 13:37:00 -0400

As presidential candidates tack and weave through their primary races and toward their upcoming party conventions, the eyes of voters, and indeed the eyes of the world, are on them. But a few groups are watching especially closely.

US intelligence: Foreign hackers spying on campaigns

- Wed, 18 May 2016 10:37:42 -0400

WASHINGTON (AP) - The nation's top intelligence official says the U.S. has seen indications of foreign hackers spying on the presidential candidates.

National Intelligence director: US sees indications that hackers, possibly working for foreign governments, are spying on US presidential candidates

- Wed, 18 May 2016 10:32:34 -0400


Bangladesh asks SWIFT to give access to technicians on cyber heist

- Wed, 18 May 2016 08:34:33 -0400

By Krishna N. Das and Serajul Quadir DHAKA (Reuters) - Bangladesh has asked SWIFT to help its police question technicians sent by the global financial network to Dhaka to connect a new bank transaction system months before February's $81 million cyber heist, according to a source and an e-mail seen by Reuters on Wednesday. Bangladesh's Criminal Investigation Department (CID) told SWIFT in the e-mail sent on Monday that it wants to interview the technicians in Dhaka next week. Investigators believe the technicians introduced some vulnerabilities when they connected SWIFT to the South Asian country's first real-time gross settlement (RTGS) system.


SEC says cyber security biggest risk to financial system

- Wed, 18 May 2016 07:07:54 -0400

By Lisa Lambert and Suzanne Barlyn WASHINGTON (Reuters) - Cyber security is the biggest risk facing the financial system, the chair of the U.S. Securities and Exchange Commission (SEC) said on Tuesday, in one of the frankest assessments yet of the threat to Wall Street from digital attacks. The SEC, which regulates securities markets, has found some major exchanges, dark pools and clearing houses did not have cyber policies in place that matched the sort of risks they faced, SEC Chair Mary Jo White told the Reuters Financial Regulation Summit in Washington D.C. "What we found, as a general matter so far, is a lot of preparedness, a lot of awareness but also their policies and procedures are not tailored to their particular risks," she said.


U.S. banks scrutinize SWIFT security after hacks: reports

- Wed, 18 May 2016 01:08:54 -0400

(Reuters) - Major U.S. banks are scrutinizing security of the SWIFT messaging network following cyber attacks in Bangladesh and Vietnam involving fraudulent transfer requests, according to media reports on Tuesday. JPMorgan Chase & Co has limited SWIFT access to some employees amid questions about the breaches at two Asian banks, The Wall Street Journal reported, citing people familiar with the matter. The actions are not tied to a specific concern about JPMorgan's vulnerability to SWIFT, but are part of its policy to review user access to certain systems following news of a security threat, The Wall Street Journal said, citing a person familiar with the bank.


Mozilla bid to intervene in U.S. child porn case rejected

- Tue, 17 May 2016 21:29:00 -0400

A federal judge has rejected Mozilla Corp's request to force the U.S. government to disclose a vulnerability related to its Firefox web browser that the company says was exploited by the FBI to investigate users of a large child pornography website. U.S. District Judge Robert Bryan in Tacoma, Washington, on Monday rejected Mozilla's bid to intervene in a case against a school administrator charged in the investigation, Jay Michaud. Bryan had previously ordered prosecutors to disclose to Michaud's lawyers a flaw in a browser used to view websites including the child porn one on the anonymous Tor network that is partly based on the code for Mozilla's Firefox browser.


Business Highlights

- Tue, 17 May 2016 18:04:15 -0400

Startup wants to put self-driving big rigs on US highways. An 18-wheel truck barreling down the highway with only a robot at the wheel is a frightening idea to some. But it's the vision of Anthony Levandowski, ...

Norton antivirus has a gaping security flaw

- Tue, 17 May 2016 11:34:10 -0400

A security researcher has discovered a "bug" in Symantec antivirus software, which affects "the core Symantec Antivirus Engine used in most Symantec and Norton branded Antivirus products." I say "bug" because it's less bug, and more a gaping security flaw that makes it incredibly easy to hack any PC, Mac or Linux box running Symantec software. The flaw (spotted by The Register) was found by Tavis Ormandy, a white-hat hacker whose previous work has involved hacking internet-connected scales. The Symantec bug is to do with how the antivirus engine scans code, in particular an old compression tool. The result is that if a hacker sends a carefully formatted file via email (or just a web link), all the target computer has to do is receive and scan the email -- the user doesn't even have to open the file or link. The hacker then gets root access to the target computer, meaning he owns the machine. As Ormandy succinctly put it, "this is about as bad as it can possibly get." Symantec is aware of the bug, and there's already a fix being pushed. If you use Symantec or Norton antivirus, you should run the Live Update tool, and check for patches. The flaw itself is due to a buffer overflow, the same kind of programming bug that caused the infamous Heartbleed Bug. But what makes this particular flaw dangerous isn't the bug itself, it's where in the system the code is unpacked. On Windows machines, Symantec is unpacking potential malware directly into the kernel, which as one Twitter user pointed out, is a really bad idea: https://twitter.com/riskybusiness/status/732374512449277952 What lessons can we learn from this? Well, as any compsci professor would probably explain, suspicious code should be examined in a walled-off sandbox, not the system kernel. For non-programmers, the lesson is much simpler: uninstall Norton or Symantec, get better about not opening suspicious files, and please, remember to do your backups.