Tuesday 17 May 2011

S2T4W8 Wednesday: The 'Post-PC' Era Is Here -- But Don't Junk Your PC Just Yet, Former Hacker Comments on How PSN Attack May Have Gone Down, Microsoft: One in 14 Downloads Is Malicious, Should You Delete Your profile?

1.

The 'Post-PC' Era Is Here -- But Don't Junk Your PC Just Yet

Has the much-discussed "post-PC era" finally begun? The term has been tossed about for years by industry executives and pundits alike. Its most recent high-profile use came during Steve Jobs' iPad 2 unveiling in March, when the Apple CEO/guru called the iPhone, iPod, and iPad "post-PC devices" that needed to be more intuitive and easier to use than conventional desktops or laptops.
Well, add Forrester Research to the list of industry watchers who believe the post-PC era has begun. In a new report released Tuesday, Forrester analyst Sarah Rotman Epps says that computing devices--and how we interact with them--are currently undergoing a dramatic shift to:
· Ubiquitous computing: Mobile devices with sensors such as accelerometers, gyroscopes, and geolocators are freeing us from the stationary limitations of desktop PCs.
· "Casual" computing: Instant-on/always-on smartphones and tablets remove the formal boot up/shutdown process of the desktop.
· A more intimate experience: Tablets and smartphones are kept close to your body, whereas using a laptop or desktop is "arms-length activity," writes Epps in a blog post. This means that consumers are using computing devices in intimate places, including the bedroom. Sounds like a boon to couples' therapists to me.
· Physical interaction with devices: Touchscreens, voice input, motion-sensing devices such as Microsoft Kinect, and cameras with facial recognition allow your "body and voice" to control the machine. By comparison, the desktop's mouse/keyboard interface is more abstract and less personal.
What's it all mean? Certainly, the mobility and ubiquity of today's tech devices is changing the way we interact with our digital assistants. But the laptop and desktop aren't going away anytime soon.
"So what does 'post-PC' mean, anyway? It doesn't mean that the PC is dead," Epps writes. In fact, Forrester forecasts that U.S. consumer laptop sales will grow at a compound annual growth rate of 8 percent between 2010 and 2015, and desktop sales will decline only slightly.
And while 82 million American consumers will own a tablet in 2015, more than 140 million will own a laptop, Forrester predicts.
"In the post-PC era, the 'PC' is alive and well, but it morphs to support computing experiences that are increasingly ubiquitous, casual, intimate, and physical," says Epps.


2.

Former Hacker Comments on How PSN Attack May Have Gone Down


The PlayStation Network is back up for most gamers around the world, but Sony has yet to give an explanation as to why and how the attack brought down the service for over a month.
Former hacker and lead architect at Mykonos Software, Kyle Adams, spoke with PCWorld about how the hack may have occurred. Adams suggests Sony may have left its doors wide open for attack by using outdated software.
Was the PlayStation Blog a Gateway?
Hackers likely gained access using an SQL injection attack, according to Adams. In other words, hackers inserted malicious code into a database query, and the server erroneously executed the code. This allowed the hackers to gain access to the server.
Adams suggests that the attackers may have entered the server through Sony's blog. Sony's blog was using an outdated version of WordPress, which has known SQL injection vulnerabilities.
"It seems likely to me that Sony got attacked through its web services first, such as the blog, and it opened up the doors to the rest of Sony's servers," Adams told PCWorld.
The attack on Sony's PSN was an "advanced persistent threat," which, as the name suggests, is a series of ongoing, planned attacks. Each planned attack opens up more and more doors, allowing the hackers to advance further into the server.
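The SQL injection mechanism described above, as an added example that is not from the article, Adams, Sony or WordPress: a constructed blog lookup in Python with sqlite3, showing a string-built query beside its parameterized form. The table, function names and sample rows are assumptions made for illustration.

```python
import re
import sqlite3


def make_blog_db():
    """Build an in-memory blog database (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)"
    )
    db.executemany(
        "INSERT INTO posts (id, title, published) VALUES (?, ?, ?)",
        [(1, "Welcome", 1), (2, "Firmware notes", 1), (3, "Unreleased draft", 0)],
    )
    return db


def get_post_vulnerable(db, post_id):
    """Weak pattern: the request value is pasted into the SQL text,
    so the database parses it as part of the statement."""
    sql = (
        "SELECT title FROM posts "
        f"WHERE published = 1 AND id = {post_id} ORDER BY id"
    )
    return [row[0] for row in db.execute(sql)]


def get_post_safe(db, post_id):
    """Hardened pattern: reject non-numeric input, then bind the value
    as a parameter so it is only ever treated as data."""
    if not re.fullmatch(r"[0-9]+", str(post_id)):
        return []
    sql = "SELECT title FROM posts WHERE published = 1 AND id = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (int(post_id),))]


if __name__ == "__main__":
    db = make_blog_db()
    crafted = "1 OR 1=1"  # constructed input that changes the query's logic
    for value in ("1", crafted):
        print(repr(value), "vulnerable:", get_post_vulnerable(db, value))
        print(repr(value), "safe:      ", get_post_safe(db, value))
```

With the string-built query the crafted value rewrites the WHERE clause and the unpublished draft is returned; with the bound parameter the same value matches nothing.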
Hackers On Sony's Servers For Months
"The depths they went indicates that this hack wasn't arbitrary," Adams said.
He explains that these types of attacks can go on for weeks or even months without being discovered, and that APTs typically involve attempts to obtain valuable data.
"They perceive value in the site they're going after," Adams said. "There's a whole lot of value in the data Sony had. There's always a buyer out there."
Adams did stress that he believes Anonymous had nothing to do with the attack, and notes that the group has never hacked and taken personal information in the past.
Adams seemed to concede, however, that Sony's claim that Anonymous may have made the hackers' jobs easier with their DDoS attacks has some validity.
"It's possible for another group to go through an open backdoor," he said.


3.



Microsoft: One in 14 Downloads Is Malicious

The next time a website says to download new software to view a movie or fix a problem, think twice. There's a pretty good chance that the program is malicious.

In fact, about one out of every 14 programs downloaded by Windows users turns out to be malicious, Microsoft said Tuesday. And even though Microsoft has a feature in its Internet Explorer browser designed to steer users away from unknown and potentially untrustworthy software, about 5 percent of users ignore the warnings and download malicious Trojan horse programs anyway.
Five years ago, it was pretty easy for criminals to sneak their code onto computers. There were plenty of browser bugs, and many users weren't very good at patching. But since then, the cat-and-mouse game of Internet security has evolved: Browsers have become more secure, and software makers can quickly and automatically push out patches when there's a known problem.
So increasingly, instead of hacking the browsers themselves, the bad guys try to hack the people using them. It's called social engineering, and it's a big problem these days. "The attackers have figured out that it's not that hard to get users to download Trojans," said Alex Stamos, a founding partner with Isec Partners, a security consultancy that's often called in to clean up the mess after companies have been hacked.
Social engineering is how the Koobface virus spreads on Facebook. Users get a message from a friend telling them to go and view a video. When they click on the link, they're then told that they need to download some sort of video playing software in order to watch. That software is actually a malicious program.
Social-engineering hackers also try to infect victims by hacking into Web pages and popping up fake antivirus warnings designed to look like messages from the operating system. Download these and you're infected. The criminals also use spam to send Trojans, and they will trick search engines into linking to malicious websites that look like they have interesting stories or video about hot news such as the royal wedding or the death of Osama bin Laden.
"The attackers are very opportunistic, and they latch onto any event that might be used to lure people," said Joshua Talbot, a manager with Symantec Security Response. When Symantec tracked the 50 most common malicious programs last year, it found that 56 percent of all attacks included Trojan horse programs.
In enterprises, a social-engineering technique called spearphishing is a serious problem. In spearphishing, the criminals take the time to figure out who they're attacking, and then they create a specially crafted program or a maliciously encoded document that the victim is likely to want to open -- materials from a conference they've attended or a planning document from an organization that they do business with.
With its new SmartScreen Filter Application Reputation screening, introduced in IE 9, Internet Explorer provides a first line of defense against Trojan horse programs, including Trojans sent in spearphishing attacks.
IE also warns users when they're being tricked into visiting malicious websites, another way that social-engineering hackers can infect computer users. In the past two years, IE's SmartScreen has blocked more than 1.5 billion Web and download attacks, according to Jeb Haber, program manager lead for SmartScreen.
Haber agreed that better browser protection is pushing the criminals into social engineering, especially over the past two years. "You're just seeing an explosion in direct attacks on users with social engineering," he said. "We were really surprised by the volumes. The volumes have been crazy."
When the SmartScreen warning pops up to tell users that they're about to run a potentially harmful program, the odds are between 25 percent and 70 percent that the program will actually be malicious, Haber said. A typical user will only see a couple of these warnings each year, so it's best to take them very seriously.



4.
