Uptime

Members of Anonymous' "Antisec" collective struck a Web server of the Federal Trade Commission's Bureau of Consumer Protection early on February 17, hacking into and defacing the sites hosted on it. 

"The Bureau of Consumer Protection’s Business Center website and the partnership site NCPW run by the Federal Trade Commission were hacked earlier today," FTC spokesperson Cecelia Prewett said in an official statement sent to Ars. "The FTC takes these malicious acts seriously. The sites have been taken down and will be brought back up when we’re satisfied that any vulnerability has been addressed."

The log of the hack, a cut-and-paste from a shell session on the Red Hat Enterprise Linux server, shows the server's directories, the user account names and encrypted passwords stored in its etc/shadow file, and the MySQL databases running on the server. The contents of two of the tables posted in the log dump include the contents of a table with the account names, e-mail addresses, and hashed passwords of what appears to be the users of the server's installations of Drupal and Wordpress.

While the websites belong to the FTC, they weren't running in a government-owned data center. According to the IP address data for the server, it was hosted by Media Temple in Culver City, California, and it appears its sites were set up for the FTC by the public relations firm Fleishman-Hilliard. Spokespeople for Fleishman and Media Temple could not be reached by Ars for comment.

Based on the claims of the Anon Antisec member who posted the log of the attack to Pastebin.com, the attack was motivated by the FTC's failure to step in to stop Google's changes in its privacy policy, and by the US government's support of ACTA. In the statement, the Anon threatened that "If ACTA is signed by all participating negotiating countries...We will systematically knock all evil corporations and governments off of our internet."

Google has announced the release of an experimental Chromium build that includes an integrated Dart language runtime. The browser, which Google calls Dartium, is being made available as a technical preview for the benefit of developers who want to see how the Dart virtual machine works in a browser.

Dart is a new programming language that Google is developing for client-side Web scripting. The language has a more conventional object model than JavaScript and optional support for static typing, features that Google claims will allow it to be faster, safer, and more conducive to tooling than JavaScript. Much like Microsoft's VBScript, Dart is a nonstandard client language that is developed and supported by a single vendor outside of the Web standards process.

Google intends to include a Dart virtual machine in Chrome, but the language seems unlikely to attract the support of other browser vendors. Google is developing a compiler that will allow Dart code to be converted into JavaScript so that it can run in browsers where Dart is not supported. This "transpiler" approach is similar to how the CoffeeScript convenience language is used today.

Dartium, which includes an integrated Dart virtual machine, is the first browser that can run Dart code that hasn't first been converted to JavaScript. It can load raw Dart code from a conventional script tag. Dartium, which can be downloaded from the Dart language website, is currently available for Mac OS X and Linux. Google says that a Windows build is coming soon. For more details, you can refer to the official Google Code blog.

Oracle has announced the general availability of MySQL Cluster 7.2 as a GPL download, and claims to have achieved a benchmark of 1 billion queries per minute and 110 million updates per minute on an eight-server cluster. Those results, based on the flexAsynch test in the DBT-2 benchmark, were attained using a new NoSQL NDB C++ API.

Mikael Ronstrom, senior MySQL architect at Oracle, described the test rig for the benchmark in a blog post on February 15. He said that the server cluster used in the test ran on eight two-socket servers, each running one data node, "using X5670 with Infiniband interconnect and 48GB of memory per machine." Ten other machines ran the flexAsynch queries against the cluster.

In the flexAsynch test, "each read is a transaction consisting of a read of an entire row consisting of 25 attributes, each 4 bytes in size," he wrote. "flexAsynch uses the asynchronous feature of the NDB API which enables one thread to send off multiple transactions in parallel. This is handled similarly to how Node.js works with callbacks registered that reports back when a transaction is completed."

The results were a eight-fold improvement from a similar benchmark ran by Oracle last year. But given that there aren't any published results anywhere else for flexAsynch scores from any other vendor, it's hard to say exactly what these results mean, or how the performance compares to other open-source NoSQL databases.

The Waledac botnet taken offline in February 2010 remains very much dead, but the code used to create the spamming botnet has been retooled for a more sinister purpose: stealing passwords.

Security vendor Palo Alto Networks says it detected a new variant of the Waledac botnet targeting its customers' networks beginning on Feb. 2, with portions of the same code used by Waledac. "The new version has upgraded its malicious abilities to include stealing of passwords and authentication data," Palo Alto said in a blog post yesterday. "This includes the ability to sniff user credentials for FTP, POP3, SMTP and steal .dat files for FTP and BitCoin. All of this information is uploaded to the botnet, and of course would be very valuable for enabling further attacks."

The original Waledac was taken offline by Microsoft two years ago, when the company severed the connection between the botnet's command-and-control servers and the thousands of zombie computers it was controlling. With court permission, Microsoft took over the domains used to run the botnet. "To avoid confusion it is important to note that this is a new variant of the botnet, and not the original version, which remains under the control of Microsoft," Palo Alto noted.

Before updating its signatures to block the botnet's malware, Palo Alto detected it on 30 or 40 customer firewalls, primarily in Europe. The exact scope isn't known yet, but it is clearly smaller and more targeted than a typical spamming botnet, and also more threatening. Infections are occurring through Web browsers, though the exact delivery method is also still under investigation. While a spamming botnet "would grow as fast as it can and infect as many people as possible," this one is "staying a bit lower to the ground," Palo Alto Senior Security Analyst Wade Williamson tells Ars. The change in behavior from spamming to password-stealing "has to be scary for a lot of enterprises," he said.

The re-use of Waledac code is similar to what has happened with Kelihos, another botnet whose code was reused to create a second botnet after the original was dismantled. Microsoft did not say whether it is tracking the new botnet spotted by Palo Alto, but provided Ars this statement from Richard Boscovich, the senior attorney in its Digital Crimes Unit: "Since taking down the Waledac botnet in 2010, the botnet remains dead and Microsoft continues to control the domains once used by the botnet’s operators. We also regularly work with ISPs and CERTs around the world to help people remove the Waledac malware and regain control of their computers."

HP has published the source code of Isis, the webOS Web browser. The company has also released the code of the browser's underlying HTML rendering engine, which is based on QtWebKit. The code is available from GitHub and is distributed under the permissive Apache license.

The webOS platform is built on top of Linux, but has a proprietary userspace stack. HP announced in December that it would open the platform's source code and continue developing it in collaboration with the open source software community. HP began publishing the code last month with the release of the Enyo JavaScript framework. The release of the browser today is another step forward for HP's webOS open source roadmap.

The webOS browser has been spun off into a new project called Isis, with the aim of making it cross-platform compatible. The browser's user interface is built with Enyo and is powered by QtWebKit, a port of the WebKit rendering engine that is part of the open source Qt development framework.

The Qt framework is owned by Nokia, but is used by other mobile platform vendors, including RIM and HP. One of the chief advantages of Qt is that it is highly portable. Using QtWebKit to supply the underlying HTML rendering engine for Isis will make it easier to bring the browser to additional mobile platforms.

Isis supports the Netscape Plugin API (NPAPI), which means that it is designed to support Flash and other browser plugins that handle embedded Web content. The browser itself doesn't come with a Flash implementation, of course, so it will only support the plugin on platforms where Flash is available.

For more details about the browser, you can refer to the Isis project website and the announcement on the HP blog. The code is available from GitHub.

Nortel Networks suffered a security breach that for almost a decade gave attackers with Chinese IP addresses access to executive network accounts, technical papers, employee emails and other sensitive documents at the once-thriving telecommunications firm, The Wall Street Journal reported (subscription required).

The publication, citing a former 19-year Nortel employee who oversaw the investigation into the hack, said Nortel did nothing to keep out the hackers except to change seven compromised passwords that belonged to the CEO and other executives. The company "made no effort to determine if its products were also compromised by hackers," the WSJ said. Nortel, which sold off parts of its business as part of a 2009 bankruptcy filing, spent about six months investigating the breach and didn't disclose it to prospective buyers.

The infiltration dated as far back as 2000 and allowed the hackers "access to everything," Brian Shields, who was a senior adviser for systems security at Nortel, told the WSJ. By 2009—five years after a breach was first discovered, he found rootkits still burrowed deep into some of the laptops he examined. They were using an encrypted channel to send e-mail and other sensitive information to servers near Beijing.

Security experts call the type of attacks described in the report APTs, or advanced persistent threats. The term came into vogue in early 2010, following a disclosure by Google that it was the victim of a "highly sophisticated and targeted attack" that stole intellectual property and information used to spy on Gmail users. APTs differ from financially motivated attacks in that they're aimed at a particular company or group of companies and the hackers behind them are willing to remain dormant for months or years so they can surreptitiously access as much sensitive data as possible.

RSA has said that it was a victim of an APT, in an attack that exposed information that could compromise the effectiveness of two-factor SecurID tokens 40 million employees use to access corporate and government networks around the world. Military contractor Lockheed Martin also disclosed a breach it said was aided by the theft of that confidential RSA data. Other companies reported to suffer APTs in the past few years include Morgan Stanley, Exon Mobil, Royal Dutch Shell, BP, Marathon Oil, ConocoPhillips, and Baker Hughes.

Cisco came up with an interesting prediction in its latest forecast of global mobile data traffic: by the end of this year, there will be more Internet-connected mobile devices than people on Earth.

"By the end of 2012, the number of mobile-connected devices will exceed the number of people on Earth, and by 2016 there will be 1.4 mobile devices per capita," Cisco said in its Global Mobile Data Traffic Forecast Update released today. "There will be over 10 billion mobile-connected devices in 2016... exceeding the world's population at that time (7.3 billion)."

The numbers include not just phones but tablets, laptops, handheld gaming consoles, e-readers, in-car entertainment systems, digital photo frames, cameras, and "machine-to-machine modules." That latter category includes applications such as using wireless networks to update digital billboards.

Global mobile data traffic doubled for the fourth year in a row in 2011, and will grow 18-fold by 2016, hitting 130 exabytes a year (the equivalent of 33 billion DVDs, 4.3 quadrillion MP3 files, or 813 quadrillion text messages), Cisco said. Not surprisingly, streaming content, video in particular, is expected to play a huge role in increasing data traffic. Good news for users: mobile network speeds will increase nine-fold by 2016. Bad news: the days of unlimited data plans seem to be expiring quickly, with few exceptions.

Google Wallet will temporarily stop provisioning prepaid credit cards to prevent the exploitation of a recently discovered vulnerability which allows crooks to siphon funds out of devices that are lost or stolen.

Google disabled the prepaid capability on February 10, a day after The Smartphone Champ blog exposed what it called a "painfully easy" exploit that allowed people to recover prepaid balances stored in Google Wallet without knowing the personal identification number protecting the app. To exploit the flaw, attackers need do nothing more than clear data from its settings menu and set a new PIN.

"The problem here is that since Google Wallet is tied to the device itself and not tied to your Google account, that once they set the new pin and log into the app, when they add the Google prepaid card it will add the card that is tied to that device," a blogger with the name Hashim wrote. "In other words, they’d be able to add your card and have full access to your funds."

Osama Bedier, vice president of Google Wallet and Payments, said phones that are accessible only when a user PIN or pattern are entered into the device, aren't vulnerable to the attack. He encouraged all users of the mobile payments service to enable such lock screens, which aren't turned on by default. But he said Google was temporarily disabling provisioning of prepaid cards as a precaution until a permanent fix for the underlying vulnerability is made.

The exploit from The Smartphone Champ came a day after an engineer at security firm Zvelo disclosed a separate method for cracking Google Wallet PINs on Android devices that have been rooted. The vulnerability stems from the decision to store cryptographic hashes in a database that's associated with the app, rather than the handset's Secure Element chip, McAfee researcher Jimmy Shah blogged.

Google's Bedier said Google Wallet users shouldn't root their devices.