WordPress attacked by giant botnet

WordPress users are advised to change their user names

WordPress has been attacked by a botnet of “tens of thousands” of individual computers since last week, according to server hosters Cloudflare and Hostgator.

The botnet targets WordPress users with the username “admin”, trying thousands of possible passwords.

The attack began a week after WordPress beefed up its security with an optional two-step authentication log-in option.

The site currently powers 64m websites read by 371m people each month.

According to survey website W3Techs, around 17% of the world’s websites are powered by WordPress.

“Here’s what I would recommend: If you still use ‘admin’ as a username on your blog, change it, use a strong password,” wrote WordPress founder Matt Mullenweg on his blog.

He also advised adopting two-step authentication, which involves a personalised “secret number” allocated to users in addition to a username and password, and ensuring that the latest version of WordPress is installed.

“Most other advice isn’t great – supposedly this botnet has more than 90,000 IP addresses, so an IP-limiting or login-throttling plugin isn’t going to be great (they could try from a different IP [address] a second for 24 hours),” Mr Mullenweg added.

Matthew Prince, Chief Executive and co-founder of Cloudflare, said that the aim of the attack may have been to build a stronger botnet.

“One of the concerns of an attack like this is that the attacker is using a relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack,” he wrote in a blog post.

“These larger machines can cause much more damage in DDoS [Distributed Denial of Service] attacks because the servers have large network connections and are capable of generating significant amounts of traffic,” he added.

Article source: http://www.bbc.co.uk/news/technology-22152296#sa-ns_mchannel=rss&ns_source=PublicRSS20-sa

Google makes anti-trust concessions

The investigation into Google’s European search business started in 2010

Google has proposed a package of concessions as it seeks to end a long-running investigation into its European search business.

The suggested changes to its business were made following talks with European Commission competition regulators.

Since November 2010, Brussels has been looking into Google’s search business following complaints from rivals.

Google said it was continuing to co-operate with the Commission investigation.

Test case

The anti-trust investigation was kicked off by rivals such as Microsoft, as well as mapping firms and web retailers which said the way Google ran its search business made it hard for them to compete fairly.

In a statement, Antoine Colombani, the Commission spokesman on competition policy, said it had completed its preliminary assessment a few weeks ago and had told Google of its concerns.

This, he said, had prompted Google to submit a formal proposal to the Commission about what it would do to change the way it operated. By making formal proposals, Google hopes to head off potentially huge fines.

Among the measures, Google is believed to have offered to label its services to make it more obvious to people what they are using and to make it easier for people to use rival advertising services, the Reuters news agency reports.

The proposals will now be subjected to a “market test” to gauge the response of rivals and to see if the suggested remedies meet the Commission’s requirements.

Speaking in Washington, Joaquin Almunia, the EU competition commissioner, said any agreement reached with Google would be legally binding.

In January, the US Federal Trade Commission ended its anti-trust investigation and won a pledge from Google to end some practices, such as scraping data from websites to help target adverts, that had triggered the competition probe.

Article source: http://www.bbc.co.uk/news/technology-22123921#sa-ns_mchannel=rss&ns_source=PublicRSS20-sa

Rural mobile funds ‘not being spent’

Indian villagers, part of a Self Help Group (SHG) organisation, pose with mobile phones and laptops in Bibinagar village. Almost half of India’s internet users access the web through their mobiles.

Funds set up to improve poor and rural access to mobile services worldwide are “inefficient and ineffective”, according to a report.

More than $11bn (£7.2bn) has yet to be spent, according to the GSMA, which brings together global mobile operators, handset makers and internet providers. “Very few funds, if any, would appear to disburse all that they collect,” it said.

Less than 12.5% of the funds are meeting their own targets.

Universal service funds (USF) are set up by levies on telecoms in individual countries, which are then used to increase consumer access based on criteria such as income distribution, rural and urban population ratios, literacy and geography.

But the GSMA report estimates that more than one-third of the 64 funds surveyed have yet to disburse any of the contributions they have collected.

“Our research shows that, despite the fact that there is an ever-increasing amount of money sitting unused in these funds, governments continue to collect still more from the mobile operators,” said Tom Phillips, the chief regulatory officer at GSMA.

“The situation needs urgent government review and attention, as the money collected to date far exceeds the amount that is needed to ensure universal access.”

Among the funds dubbed by the GSMA as “ineffective or severely constrained and/or legally challenged” are those set up in Brazil, the Czech Republic, Ecuador, France and Italy.

The Indian USF, for example, contains more than $4bn in unspent money but still imposes a 5% levy on operator revenues.

The USFs in Afghanistan, Bolivia, South Africa and the US have been accused of “poor or inefficient administration” of the money, the global body said.

But the GSMA cited Colombia as an example of the way USFs should be structured, with a reduction in levies and a transparent public bidding process.

Article source: http://www.bbc.co.uk/news/technology-22121429#sa-ns_mchannel=rss&ns_source=PublicRSS20-sa

Google chief wary of mini-drones

Remo Peduzzi, managing director of ResearchDrones LLC Switzerland, prepares to fly a drone at the Kaziranga National Park at Kaziranga in Assam state, India, 8 April. Drones like the one pictured are being used to detect poachers in the Indian state of Assam – one of the many non-military uses for such aircraft.

The influential head of Google, Eric Schmidt, has called for civilian drone technology to be regulated, warning about privacy and security concerns.

Cheap miniature versions of the unmanned aircraft used by militaries could fall into the wrong hands, he told the UK’s Guardian newspaper.

Quarrelling neighbours, he suggested, might end up buzzing each other with private surveillance drones.

He also warned of the risk of terrorists using the new technology.

Mr Schmidt is believed to have close relations with US President Barack Obama, whom he advises on matters of science and technology.

“You’re having a dispute with your neighbour,” he told The Guardian in an interview printed on Saturday.

Google executive chairman Eric Schmidt on 22 March 2013. Eric Schmidt is one of the world’s leading figures in digital technology.

“How would you feel if your neighbour went over and bought a commercial observation drone that they can launch from their backyard. It just flies over your house all day. How would you feel about it?”

Warning of mini-drones’ potential as a terrorist weapon, he said: “I’m not going to pass judgment on whether armies should exist, but I would prefer to not spread and democratise the ability to fight war to every single human being.”

“It’s got to be regulated… It’s one thing for governments, who have some legitimacy in what they’re doing, but have other people doing it… it’s not going to happen.”

Small drones, such as flying cameras, are already available worldwide, and non-military surveillance drones were recently introduced to track poachers in the remote Indian state of Assam.

The US and Israel have led the way in recent years in using drones as weapons of war as well as for surveillance.

America’s Federal Aviation Administration is currently exploring how commercial drones, or unmanned aircraft systems, can be safely introduced into US airspace.

Article source: http://www.bbc.co.uk/news/technology-22134898#sa-ns_mchannel=rss&ns_source=PublicRSS20-sa

Cyber thieves target bitcoin owners

Well-known owners of bitcoins include the Winklevoss twins, who own about $11m of the virtual currency

The bitcoin virtual currency has had a volatile 24 hours that saw values plummet, hack attacks, trading shutdowns and bitcoin-stealing malware.

From the high of $260 (£169) for each bitcoin on 10 April, bitcoins are now worth less than $100 (£65) each.

The main bitcoin exchange shut down for 12 hours to install hardware to help it cope with trading volumes.

In addition, malicious software is emerging that seeks out and empties the virtual wallets of bitcoin owners.

MTGox, on which most bitcoin trading takes place, was overwhelmed earlier this week by the number of people who joined the exchange to trade the virtual cash. The computer problems prompted a round of panic selling that forced values to plunge.

The exchange went offline to beef up its hardware to cope with trading volumes and stem the fall in value. However, soon after trading resumed the site came under a sustained hack attack which saw it bombarded with data. In a tweet, MTGox said it was being hit by a “stronger than usual” attack.

It went offline again to avoid the attack and when it re-started, bitcoins continued to fall in value. Early on 12 April each bitcoin was worth about $90 (£58).

‘Litecoins’

Owners of bitcoins have also become the target of cyber thieves keen to cash in on the boom in the digital currency.

A phishing gang posted a message to the discussion forum of a website used by many bitcoin traders saying MTGox was about to start trading “litecoins” – an alternative to bitcoins. In the message was a link that supposedly connected to an official MTGox chat site.

In fact, the site that people were taken to if they clicked on the link was fake and, via a booby-trapped update file, installed malicious software that then emptied digital wallets of bitcoins. At least one trader was hit in the attack and lost 34 bitcoins as a result.

In a post about the theft posted to the Bitcointalk forum, the victim said he was “stupid” not to have taken more trouble to stay safe but added: “This is a serious loss for me, and unless this is handled correctly this can also badly affect the community.”

It has also emerged that Tyler and Cameron Winklevoss, who famously sued Facebook founder Mark Zuckerberg claiming they had the original idea for the social network, have substantial bitcoin holdings. In an interview with the New York Times, the pair said they owned about $11m of the virtual coins – about 1% of the global supply.

Article source: http://www.bbc.co.uk/news/technology-22120833#sa-ns_mchannel=rss&ns_source=PublicRSS20-sa

Web games get fair trading scrutiny




Cavendish Elithorn, OFT: “It’s important parents understand… how much they’re going to cost”

Web and phone games aimed at children that charge for extras are being investigated by the Office of Fair Trading.

The OFT wants to find out if the games put undue pressure on children to pay for additional content.

Many games ask players to pay to get coins, gems or other virtual items to speed their progress through levels.

The OFT wants to hear from parents who have seen firms aggressively pushing in-game content to children.

High cost

The investigation comes alongside media reports about children spending large sums on virtual items for smartphone and web games.

In March, five-year-old schoolboy Danny Kitchen, from Bristol, managed to rack up charges of more than £1,700 while playing the Zombies versus Ninjas game on his parents’ iPad. The money has since been refunded by Apple.




The BBC’s Technology correspondent Rory Cellan-Jones explains some of the things you can do to prevent charges from web and phone games

In January this year, regulator PhonePayPlus revealed it had seen a 300% increase in complaints from consumers about the bills generated when they buy add-ons for games and other apps.

In its investigation, the OFT wants to find out if the games are “misleading, commercially aggressive or otherwise unfair” when they give people the chance to buy extras. It also wants to find out if children are being specifically targeted by such applications.

“We are concerned that children and their parents could be subject to unfair pressure to purchase when they are playing games they thought were free, but which can actually run up substantial costs,” said Cavendish Elithorn, the OFT’s senior director for goods and consumer.




Makers of games that strongly encourage children to buy or pressure them to ask parents to buy on their behalf could be breaking laws on fair trading, said the OFT.

Mr Elithorn said the OFT did not want to ban in-game purchases, but wanted to be sure that games-makers are complying with relevant laws. Consumer groups or parents with evidence of games aggressively marketing in-game extras should contact the OFT, it said.

Figures gathered by the OFT reveal that the vast majority of the most popular smartphone games were free to install but raised cash for their creators via in-app purchases. Such extras were priced very differently, it said, with some costing only a few pence while the most expensive cost £70.

Article source: http://www.bbc.co.uk/news/technology-22109188#sa-ns_mchannel=rss&ns_source=PublicRSS20-sa

Twitter move hints at music service

The music.twitter.com site went live late on Thursday

Micro-blogging site Twitter is rumoured to be launching a new music service after buying the music discovery site We Are Hunted.

We Are Hunted confirmed the deal, adding “there’s no question that Twitter and music go well together” – and said it was shutting down.

The hashtag #music is also featured on the newly-launched music.twitter.com.

Reports suggest the new service will offer personalised recommendations on music through its own dedicated app.

US celebrity host Ryan Seacrest confirmed the existence of Twitter’s new app on Thursday via a tweet: “playing with @twitter’s new music app (yes it’s real!)… there’s a serious dance party happening at idol right now”.

The music app could be announced as soon as Friday.

The We Are Hunted acquisition actually happened in 2012, according to reports, suggesting that the music service has long been in the works.

In seven years, Twitter has accumulated 200 million users worldwide, who now send an average of 400 million short messages – or tweets – every day.

Twitter’s latest move comes as music streaming – where the songs are hosted on servers by companies such as Spotify rather than bought and kept on consumers’ computers – has taken off amid a boom in digital downloading.

The streaming market is now worth £49m to record labels in the UK, the trade body BPI has said.

It comes as iPhone-maker Apple is reported to have agreed a deal with the biggest music label Universal to create an internet radio service similar to Pandora using its iTunes platform.

Article source: http://www.bbc.co.uk/news/technology-22121338#sa-ns_mchannel=rss&ns_source=PublicRSS20-sa

North Korea blamed for cyber-attacks

South Korean investigators say some of the malware had been used in previous attacks

South Korea has accused North Korean spies of masterminding a series of high-profile cyber-attacks last month.

Tens of thousands of computers were made to malfunction, disrupting work at banks and television broadcasters in the South.

Investigators in Seoul said they had discovered some of the code involved was identical to that used in malware previously linked to Pyongyang.

The allegation adds to growing tension on the Korean peninsula.

On Tuesday North Korea told foreigners in the South to “work out measures for evacuation” to avoid becoming involved in a “thermonuclear war”.

Seoul’s foreign minister subsequently said that there was a “considerably high” risk that its neighbour might fire a ballistic missile at it over the coming days.

North Korea has not commented on the cyber-attack accusation.

Cyber-evidence

About 48,000 PCs and servers in the South were struck on 20 March.

The assault shut down computer networks at TV stations KBS, MBC and YTN, and halted operations at three banks – Shinhan, NongHyup and Jeju.

Investigators in Seoul reported their initial findings suggested North Korea’s military-run Reconnaissance General Bureau had been responsible.

A spokesman announced that 30 out of 76 programs recovered from affected computers were the same as those used in previous strikes.

In addition he said that 22 of the 49 internet protocol (IP) addresses involved in the incidents matched those used in attacks blamed on the North over the past five years.

The recent assaults shortly followed a South Korea-US joint military exercise, but it was suggested they had been long in the planning.

The Korea Internet Security Agency plans to issue a final report into the attacks at a later date

“The attackers gained control of personal computers or server computers within the target organisations at least eight months ago,” a government statement reported in the Korea Herald said.

“After maintaining monitoring activities [they] sent out the command to delete data stored in the server, and distributed malware to individual computers through the central server.”

South Korea’s Financial Services Commission added that no bank records or personal data had been compromised.

‘Outdated system’

Previous cyber-intrusions blamed on Pyongyang include attempts to block access to the website of South Korea’s presidential office and other government departments, and hacks of computers at NongHyup bank and the JoongAng Ilbo newspaper.

In turn, North Korea has accused both the South and the US of preventing users from being able to visit its official media sites – the Rodong Sinmun newspaper and the Korean Central News Agency – earlier this year.

This has led some commentators in the South to criticise the state of their cyber-defences, bearing in mind that the public there is much more reliant on the internet than citizens in the North.

“South Korea cannot cope with unpredictable and sophisticated provocations from North Korea with a bureaucratic, rigid mindset,” wrote Chae In-taek in the JoongAng Ilbo.

“National security cannot be assured through an outdated system. We must come up with an innovative security system fast.”

Article source: http://www.bbc.co.uk/news/technology-22092051#sa-ns_mchannel=rss&ns_source=PublicRSS20-sa

Top porn sites ‘pose malware risk’

Some advertisements were found to be installing harmful software on users’ machines without consent

Browsing some of the internet’s most popular pornography websites is increasingly putting visitors at risk, research has found.

Advertisements displayed by the sites, which are visited by millions every day, were found to be installing harmful files without users’ knowledge.

Researcher Conrad Longmore found that two popular sites – xhamster and pornhub – posed the greatest risk.

He said it should be easier for users to report malicious advertising.

He said it was primarily Windows users at risk, but that criminals were increasingly turning their attentions to mobile devices.

While none of the porn sites observed hosted any malware themselves, it was the embedded advertisements within their pages that created problems for users.

“We call these malicious advertisements ‘malvertising’,” explained Mr Longmore.

“The way the ads are bought and sold across all websites is incredibly complex.

“Ads can often be repackaged and resold so that it is hard to tell where they originated from, and the criminals behind them go to great lengths to disguise what they are doing.”

‘Sudden spike’

Mr Longmore compiled his figures using Google’s diagnostic advice service, which regularly analyses websites for harmful content.

The data showed that xhamster – listed by monitoring firm Alexa as the 46th most popular site on the internet – had malvertising on 1,067 out of 20,986 pages (5%) screened in the past 90 days.


According to Alexa’s statistics, the average user of xhamster would look at 10.3 individual pages – meaning a potential 42% risk of stumbling across harmful adverts in each viewing session.

Another site, pornhub, was found to have dangerous advertising on 12.7% of its pages.

Mr Longmore said: “There seems to have been a sudden spike in malware on popular sites, especially in the past week or so.”

However, the web’s most popular porn site, xvideos, was not found to have any harmful adverts in the time sampled by Google’s system – a sign the site had “cleaned up”.

Reporting mechanism

Mr Longmore believes a culture of users being afraid to “kick up a fuss” means many instances of malvertising go unreported.

“Part of the problem is that porn is a taboo subject,” he said.

“But the reality is that these are hugely popular sites with many of them in the top 100 most popular sites globally. Some of them pull in more traffic than the BBC, so this is potentially a very big issue.

“Site operators could put a quick reporting mechanism on their sites to flag up bad ads and other concerns, and ad networks should also take some responsibility here.

“I don’t see that happening any time soon, and perhaps the best thing that users of these sites can do is ensure that their machines are up to date.”

The BBC has approached the owners of xhamster and pornhub but has yet to receive any comment.

Article source: http://www.bbc.co.uk/news/technology-22093141#sa-ns_mchannel=rss&ns_source=PublicRSS20-sa

Google Maps edit tools come to UK

Users can add four different kinds of features to the firm’s online maps

Google is expanding its Map Maker edit tools to the UK.

The browser-based software allows users to add details about buildings, hiking trails, vegetation and other features to its maps of the country.

Suggested additions and amendments are reviewed by other users and the firm’s own staff before going live.

The move comes at a time when Apple, Nokia and others are investing heavily in rival “free-to-use” mapping technologies.

Experts suggest the rise of GPS-enabled devices means the efforts could hold the key to future profits if the firms add location-triggered adverts or use the data to promote situation-specific services.

But for now they see little or no financial return from their current smartphone map apps beyond the value added to their brands.

Codebreaking cartographers

Google first launched its Map Maker service in 2008 to allow users to help it add details to its maps of Pakistan, Vietnam and just over a dozen other countries.

It allowed the firm to fill in blanks to the third-party data it had licensed at a time when its own cartographers were focused on other territories.

The company later extended the facility to much of the rest of the world including the US, France and Australia – countries where it also uses sensor-equipped cars to collect mapping data.

Google said there were “technical obstacles to overcome” when merging any of its existing data with Map Maker, helping explain why it had taken until now to bring it to the UK.

Ahead of the launch workers at Bletchley Park – the site of Britain’s World War II codebreaking efforts – trialled the software to help promote the roll-out. The search giant had previously donated money towards the estate’s restoration fund.

Trust score

Map Maker users are presented with an interface allowing them to add four types of content:

  • Places – such as a gym, bank, cinema or bus station.
  • Roads, Rivers and Railways – including hiking trails and bicycle routes.
  • Building Outlines – allowing the inclusion of 3D graphics for offices, houses, monuments and other structures.
  • Natural Features and Political Boundaries – including lakes, parks and shrubbery.

Users can draw new features onto the firm’s maps and then provide details about their additions via a set of menus

Click-through menus allow specific details about each feature and relevant internet links to be added. There is also an option to edit pre-existing objects.

Users wishing to amend the firm’s UK maps had previously only been able to report problems or suggest limited changes.

Before alterations are made to Google’s live maps other contributors must review the suggestions.

To encourage this, Google lets users click a button to show proposed alterations in their neighbourhood, and offers Map Maker Pulse – a constantly updating display of submissions made across the UK, each one shown seconds after it is uploaded.

Volunteers build up a confidence score as more of their submissions are approved and after a while require fewer checks.

“We have a trust moderation system in place and that algorithmically figures out whether we can trust this person and how sensitive the feature is,” project manager Jessica Pfund told the BBC.

“No matter how trusted you are if you change a very prominent feature, like a Tate art gallery, it’s going to have to go through a lot more moderation than if you add a small restaurant to the rural countryside.”

She added that users could expect accurate additions to go live within a few days of them being proposed.

Market leader

Ms Pfund acknowledged that in its current state Map Maker did not work well on mobile devices, recommending it only be used on PCs.

Users may also wish to bear in mind the firm’s terms and conditions which state: “You give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive licence to reproduce, adapt, modify, translate, publish, publicly perform, publicly display, distribute, and create derivative works of the user submission.”

Nokia is also seeking map changes in parts of Africa and South America

Google is not alone in seeking to outsource part of its cartographic efforts to volunteers.

Apple’s chief executive, Tim Cook, said his firm appreciated feedback when he apologised in September for the rocky start to the iPhone maker’s own app, promising “the more our customers use our Maps the better it will get”.

Nokia is also beta testing its own browser-based Map Creator facility for its Here maps product – but within Europe the tool is currently limited to a few islands belonging to Norway and Denmark.

Tech consultancy Gartner says Google’s market-leading position as the most popular map data provider for smart devices remains secure for now, but adds it will be mindful of rivals’ efforts.

“Google needs to continue to invest to stay ahead – it’s not going to be a free run as it has been so far,” said consumer devices analyst Carolina Milanesi.

Article source: http://www.bbc.co.uk/news/technology-22099960#sa-ns_mchannel=rss&ns_source=PublicRSS20-sa