Sony’s the Bomb | Tech Talk Today 48

Sony’s the Bomb | Tech Talk Today 48

Sony is under attack again, but this time the hackers have taken it to the physical world. Another Android flaw is getting over hyped, Windows 9 gets a release date, the most popular open source cloud projects & more!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a supporter on Patreon:


Show Notes:

Sony PlayStation Network taken down by attack

Sony Corp said on Sunday its PlayStation Network was taken down by a denial of service-style attack and the FBI was investigating the diversion of a flight carrying a top Sony executive amid reports of a claim that explosives were on board.

The company said in a posting on its PlayStation blog that no personal information of the network was accessed in the attack, which overwhelmed the system with heavy traffic.

Plane carrying Sony Online Entertainment President John Smedley was diverted on Sunday, Smedley said in a post on microblogging site Twitter.

A group called Lizard Squad sent a message through its Twitter account to American Airlines saying Smedley’s flight had explosives on board, according to a report by USA Today. The group also used Twitter to claim credit for the network attack, the newspaper said.

USA Today reported that the Dallas/Fort Worth flight to San Diego was diverted and landed safely in Phoenix.

A PlayStation spokeswoman in the United States said the diverted flight was being handled by the FBI and had no comment.

Android attack improves timing, allows data theft | Ars Technica

According to a team of researchers from the University of Michigan and the University of California at Riverside.

The attack, known as a user interface (UI) inference attack, makes use of the design of programming frameworks that share memory, allowing one application to gather information about the state of other applications. The information can be gathered without any special Android permissions or by grabbing screen pixels, according to a paper presented at the USENIX Security Conference on Friday.

The technique gives attackers the ability to infer the state of a targeted application, enabling more convincing attacks. If malware knows that the targeted user has just clicked on a “login” button, then it can throw up a dialog box asking for a username and password. If the malware can infer that a user is about to take a picture of a check or sensitive document, it can quickly take a second picture.

An attack application must be running in the background, where it can determine the foreground activity of a targeted app with 80 to 90 percent accuracy in most applications, the researchers said. The technique detects transitions in the UI state of the targeted app and then uses a signature to identify the new state.

In videos demonstrating the UI inference attack, the research group showed the malicious software stealing a username and password from the H&R Block application, copying an image of a check taken by the Chase Bank application, and stealing credit-card information from the NewEgg store.

“By design, Android allows apps to be preempted or hijacked,” Qian said in a statement. “But the thing is you have to do it at the right time so the user doesn’t notice. We do that and that’s what makes our attack unique.”

Because the attack does not focus on any specific vulnerability in the operating system, hardening the software to attack will be difficult, according to the paper.

While the researchers focused on the Android operating system, the operating-system architecture that they exploit is present on most other major OSes, including MacOS X, iOS and Windows, the paper stated.

“We believe our attack on Android is likely to be generalizable to other platforms,” the paper stated.

Most smartphone users download zero apps per month

Mobile apps have skyrocketed in popularity and utility since Apple introduced the iPhone App Store in the summer of 2008. Apps now represent 52% of time spent with digital media in the US, according to comScore, up from 40% in early 2013. Apple boasted 75 billion all-time App Store downloads at its developers conference in June, and followed up by declaring July the best month ever for App Store revenue, with a record number of people downloading apps.

Yet most US smartphone owners download zero apps in a typical month, according to comScore’s new mobile app report.

Only about one-third of smartphone owners download any apps in an average month, with the bulk of those downloading one to three apps. The top 7% of smartphone owners account for “nearly half of all download activity in a given month,” comScore reports.

Microsoft set to unveil Windows 9 on September 30th | The Verge

Microsoft is planning to unveil its Windows 8 successor next month at a special press event. Sources familiar with Microsoft’s plans tell The Verge that the software maker is tentatively planning its press event for September 30th to detail upcoming changes to Windows as part of a release codenamed “Threshold.” This date may change, but the Threshold version of Windows is currently in development and Microsoft plans to release a preview version of what will likely be named Windows 9 to developers on September 30th or shortly afterwards. The date follows recent reports from ZDNet that suggested Microsoft is planning to release a preview version of Windows 9 in late September or early October.

Most popular open-source cloud projects of 2014 | ZDNet

At CloudOpen, a Linux Foundation tradeshow held in conjunction with LinuxCon, the Foundation announced that an online survey of open-source cloud professionals found OpenStack to be the most popular overall project.

That wasn’t surprising. Although OpenStack is only four years old, the Infrastructure-as-a-Service (IaaS) cloud project is very popular with support from such industry giants HP, Red Hat, and VMware. What was somewhat surprising was that number two was Docker, the just-over-a-year old container technology.

Behind those two, you’ll find KVM, the x86 virtualization technology that’s recently been ported to Power; CloudStack, one of the older open-source IaaS cloud projects; and Ceph, the open-source, software-defined storage stack.

Question? Comments? Contact us here!