Around the IT Industry 11/18-11/22

by Modis on November 22, 2013

New Backdoor Worm Attacks Apache Tomcat Websites

If your computer is running the Apache Tomcat Web server, researchers have identified a new self-replicating malware that uses a backdoor to attach other machines. This new worm has been named Java.Tomdep, and is a Java Servlet based code that allows the Tomcat platform to perform malicious acts. Infected machines maintain Internet relay chat (IRC) communications with the attacker servers, located in Luxembourg and Taiwan. The control servers send commands and receive progress reports back and forth from the infected machines. The affected platforms include: Linux, Mac OS X, Solaris, and most versions of Windows. It appears to be designed to harness the massive amount of computer power and bandwidth web servers use in denial-of-service attacks against other machines. There is no indication that it is used to attack website visitors.

Which Major Companies Encrypt Your Data?

With increasing concern over how the NSA and other agencies use unencrypted traffic as a method of hacking your data, it is becoming more important for major companies to protect consumer data. A “crypto report card” ranks how well major companies are protecting your information. Only Dropbox, Google, SpiderOak, and received a perfect score. The following five categories were measured: Encrypts data center links, supports HTTPS, HTTPS Strict (HSTS), Forward Secrecy, and STARTTLS. Twitter follows close behind that perfect score, only lacking STARTTLS, only mattering if it offered email – it does, but only to employees. Providers like AT&T, Verizon, and Comcast appear to care very little about security.  Hopefully, this information will encourage major companies to focus more on encryption in the coming months and years.

Orange Script Could Prove Helpful to Android App Development

Orange Script, a language similar to JavaScript, could soon be giving Android app developers another option for programming. According to inventor Stone Zhong, it is suitable for those with JavaScript, C, and C++ programming skills. Those who are familiar with JavaScript will experience almost “no learning curve.” Orange Script plans to add Android app development support in February 2014. Using Orange Script along with JavaScript for app development will allow developers to leverage existing Java libraries, and offer functionality including XML parsing and RESTful APIs. It will support: prototype-based object-oriented programming, functional programming, dynamic typing, and closures support, to enable easier programming tasks.

Leap Motion: How it Tracks What it Can’t See

Leap Motion, the makers of a matchbox-sized motion tracker that launched in July 2013, have announced a software upgrade that will allow Leap Motion devices to perform more precise tracking. It works by viewing someone’s hand as an entire object, without the need to see its every move. As a result, users will see new and more accurate interactions. This upgrade, in the works for nearly a year marks the first substantial software overhaul, and it will make its way across the open-source leap devices over the next few months. The idea is developers will be able to build even better physical interactions, as the software will now allow for actions including: pinching, crossing the fingers, hand-to-hand interactions, and moving one hand over the other.

Virtual Currencies Vulnerable to Money Laundering

Despite the fact that virtual currencies such as Bitcoin give consumers a cheap and convenient way to move money, according to the United States Justice Department’s Criminal Division, those same attributes make them appealing to criminals. Use of these currencies is on the rise by drug dealers, child pornography traffickers, and those involved in large-scale fraud schemes. The currencies provide anonymity, while also preventing transactions from being reversed.  This makes it more complicated for the government to follow the money trail during criminal investigation. Add to the complexity of the issue, many digital currency services don’t have abuse protection controls in place, to prevent money laundering.

Related Posts

Leave a Comment

Previous post:

Next post: