Hackers use Dropbox, WordPress to spread malware

The Chinese cyberspies behind the widely publicized espionage campaign against The New York Times have added Dropbox and WordPress to their bag of spear-phishing tricks.

The gang, known in security circles as the DNSCalc gang, has been using the Dropbox file-sharing service for roughly the last 12 months as a mechanism for spreading malware, said Rich Barger, chief intelligence officer for Cyber Squared. While the tactic is not unique, it remains under the radar of most companies.

“I wouldn’t say it’s new,” Barger said on Thursday. “It’s just something that folks aren’t really looking at or paying attention to.”

The gang is among 20 Chinese groups identified this year by security firm Mandiant that launch cyberattacks against specific targets to steal information. In this case, the DNSCalc gang was going after intelligence on individuals or governments connected to the Association of Southeast Asian Nations. ASEAN is a non-governmental group that represents the economic interests of ten Southeast Asian countries.

The attackers did not exploit any vulnerabilities in Dropbox or WordPress. Instead, they opened up accounts and used the services as their infrastructure.

The gang uploaded on Dropbox a .ZIP file disguised as belonging to the U.S.-ASEAN Business Council. Messages were then sent to people or agencies that would be interested in the draft of a Council policy paper. The paper, contained in the file, was legitimate, Barger said.

When a recipient unzipped the file, they saw another one that read, “2013 US-ASEAN Business Council Statement of Priorities in the US-ASEAN Commercial Relationship Policy Paper.scr.” Clicking on the file would launch a PDF of the document, while the malware opened a backdoor to the host computer in the background.

Once the door was open, the malware would reach out to a WordPress blog created by the attackers. The blog contained the IP address and port number of a command and control server that the malware would contact to download additional software.

Dropbox is a desirable launchpad for attacks because employees of many companies use the service. “People trust Dropbox,” Barger said.

For companies that have the service on their whitelist, malware moving from Dropbox won’t be detected by the company’s intrusion prevention systems. Also, communications to a WordPress blog would likely go undetected, since visiting one would not be unusual behavior for any employee with access to the Internet.
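A defender-side check for the lure described above, as an added example that is not from the article or from Cyber Squared: it flags ZIP entries that Windows would execute but whose names read like documents, regardless of which trusted service delivered the archive. The extension sets, word list and sample archive are constructed for illustration.

```python
import io
import re
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs on double-click; .scr (screensaver) is an ordinary PE executable.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".cpl", ".bat", ".cmd",
                   ".vbs", ".js", ".hta", ".lnk"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".rtf", ".txt"}
# Words that make a file name read like a document title (constructed list, tune locally).
DOCUMENT_WORDS = {"paper", "policy", "statement", "report", "draft", "agenda", "memo", "invoice"}

# File name quoted in the article.
LURE_NAME = ("2013 US-ASEAN Business Council Statement of Priorities in the "
             "US-ASEAN Commercial Relationship Policy Paper.scr")


def entry_reasons(name: str, head: bytes) -> list[str]:
    """Return the reasons one archive entry looks like a disguised executable."""
    path = PurePosixPath(name.replace("\\", "/"))
    ext, stem = path.suffix.lower(), path.stem
    reasons = []
    if ext in EXECUTABLE_EXTS:
        reasons.append("executable-extension")
        # "report.pdf.scr": a document extension hidden in front of the real one.
        if PurePosixPath(stem.strip()).suffix.lower() in DOCUMENT_EXTS:
            reasons.append("double-extension")
        if set(re.findall(r"[a-z]+", stem.lower())) & DOCUMENT_WORDS:
            reasons.append("document-style-name")
        # Trailing spaces push the real extension out of view in file listings.
        if stem != stem.rstrip():
            reasons.append("padded-name")
    # "MZ" is the DOS/PE magic, whatever the entry is called.
    if head[:2] == b"MZ":
        reasons.append("pe-header")
    return reasons


def inspect_zip(data: bytes) -> dict[str, list[str]]:
    """Map each suspicious entry name in a ZIP (given as bytes) to its reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            head, extra = b"", []
            if info.flag_bits & 0x1:
                # Encrypted entry: content is unreadable, so judge on the name alone.
                extra = ["encrypted"]
            else:
                with zf.open(info) as fh:
                    head = fh.read(2)
            reasons = entry_reasons(info.filename, head)
            if reasons:
                findings[info.filename] = reasons + extra
    return findings


def build_sample(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP from name -> content (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample({
        LURE_NAME: b"MZ" + b"\x00" * 62,  # placeholder bytes, not a real program
        "readme.txt": b"constructed benign entry\n",
    })
    for name, reasons in inspect_zip(sample).items():
        print(f"{', '.join(reasons)}: {name}")
```
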

In general, no single technology can prevent such an attack. “There’s no silver bullet here,” Barger said.

The best prevention is for security pros to share information when their companies are targeted, so others can draw up their own defense, he said.

In The New York Times attack, the hackers penetrated the newspaper’s systems in September 2012 and worked undercover for four months before they were detected.

The attack coincided with an investigative piece the newspaper published on business dealings that reaped several billion dollars for the relatives of Wen Jiabao, China’s prime minister.

ASUS’ RAIDR Express PCI-e SSD is compatible with both legacy and UEFI BIOS

These days, it’s fairly easy to find a PCI Express-based SSD to transform one’s desktop — Angelbird, Fusion-io, Micron and ASUS will sell you one, just to name a few. That said, the last of those three has just revealed a new entrant that will certainly catch the eye of many, as the RAIDR Express claims to be the first PCI-e SSD to be compatible with both legacy and UEFI BIOS. The so-called DuoMode feature is joined by 240GB of storage space, sequential 830MB/s read and 810MB/s write speeds and a reported 620,000 hours mean time between failure (MTBF).

You’ll also find the latest LSI SandForce controller, Toshiba-built 19nm MLC flash, and 100,000 4K read/write input/output operations per second (IOPS). The bundled RAMDisk utility allows users to dedicate up to 80 percent of a computer’s available RAM for use as a high-speed virtual drive, and if you needed any further proof that it’s fast, look no further than in the video after the break. Curiously, ASUS isn’t talking pricing just yet, but it should start shipping in the very near future.

Review: Seagate Wireless Plus

A tablet’s relatively limited storage capacity often forces us to be smart about choosing which content to keep on it. Without our realizing it, removing and adding digital content such as music and video turns out to be quite time-consuming.
One of the more clever solutions is to use an external hard disk with Wi-Fi. Seagate Wireless Plus (SWP) is the replacement for the Seagate GoFlex Wireless (SGW), which appeared in 2011. The SWP brings some improvements, such as larger capacity, longer battery life, and support for streaming to 8 connections at once. It is also smaller than the SGW and, attractively, the price is not much different from the SGW’s.
To load data onto the SWP, you just connect it to a PC via a fast USB 3.0 connection. If desired, you can replace it with a Thunderbolt or FireWire connector (sold separately). The SWP is very easy to operate. You simply press the on/off button, then set your device to connect via Wi-Fi to the SWP’s access point. While connected to the SWP, you can still connect to the Internet by connecting the device to a Wi-Fi hotspot through the SeagateMedia application, available free on the Play Store and App Store.
The Wireless Plus comes arranged with several standard folders such as Videos, Music, Photos, and Documents, but you can create your own folders if desired. The SeagateMedia application works quite well, but does not support all video formats. For music, format support is more complete. As for documents, Seagate will ask which application you want to use to open the document. I tried it on the Galaxy Note 10.1 and the Apple iPad 3. The results were quite varied, and the SWP proved smoother to use on the Android platform, especially for video playback.
Streaming Full HD video in .MP4 format runs smoothly, while .MKV files above 1GB stutter a little. This is not a problem with the SWP but rather a software problem. Fortunately, you can use other applications to play the video. The SWP battery is claimed to last up to 10 hours. But if you stream video continuously, the battery will run out after 6-7 hours. With varied use, the battery will be able to last up to 9-10 hours.
The Seagate Wireless Plus is easy to use, very handy, and will remain relevant for longer than a new gadget you bought. The price is quite high, but its capabilities make it worth it.

SOA Software Announces API Management for DataPower

SOA Software, a leading provider of API Management that helps businesses plan, build, secure, monitor and share APIs, announced today API Management for the IBM WebSphere DataPower family of SOA appliances. The new solution manages the full lifecycle of DataPower-based APIs and extends the capabilities of the widely deployed SOA Software Integrated Governance Solution for IBM DataPower.

This unified approach to managing both APIs and services extends the capabilities of DataPower infrastructure, enabling mobile and web solutions for internal mainframe and WebSphere MQ based services. SOA Software’s API Gateway, Lifecycle Manager for APIs and Community Manager have been integrated with DataPower, providing our customers a seamless API Management solution.

SOA Software’s API Management solution for DataPower goes beyond basic API management by offering management of the full API lifecycle. From plan, to build, to run, to share, the API Management solution provides the ability for customers to manage every aspect of both APIs and internal services using a single, comprehensive solution. With this new solution, customers can realize a complete API solution quickly and cost effectively.

“APIs present a challenge to IT organizations today,” said Alistair Farquharson, CTO of SOA Software. “SOA Software’s unique approach to API management on DataPower allows IT organizations to keep pace with technology advances presented by next generation mobile and web applications while benefitting from the same rich enterprise support we already offer customers today. Our solution makes managing secure, integrated APIs easy, whether a mobile app needs to securely access mainframe data or a web application needs to initiate a business transaction using WebSphere MQ.”

The SOA Software API Management solution for DataPower supports a wide variety of API standards including REST, JSON, OAuth and OpenID. It ensures interoperability with diverse backend systems through its support for SOAP and WebSphere MQ. It supports diverse security standards including SAML, Kerberos, LDAP, X509 and WS-Security. DataPower’s enterprise integration capabilities for APIs are further strengthened by SOA Software’s rich orchestration features, as well as its support for transformations including WebSphere Transformation Extender. Support for monitoring, metrics, service level agreements, and API access control all ensure API programs run consistently and predictably.

The API Management solution for DataPower enables rich communities for DataPower API developers and app developers through its developer portal. The developer portal lets API developers publish their DataPower APIs for app developers to find and consume. Social media features, API documentation, and integrated forums make it easy for developers to collaborate. Real-time system monitoring gives developers up to date status of their APIs and apps.

APIs help organizations expose critical internal business data to their customers to increase transparency and improve the customer experience. SOA Software’s API Management solution for DataPower lets DataPower customers use DataPower to secure and integrate their APIs within an enterprise environment. The result is a cost effective, full lifecycle solution for DataPower APIs that makes it easy to quickly yet securely expose internal resources to mobile apps and Web applications.

About SOA Software

SOA Software is a leading provider of Enterprise API Management and SOA governance products that enable organizations to plan, build, run and share enterprise services and APIs. Some of the world’s largest companies including Bank of America, Pfizer, and Verizon use SOA Software products to harness the power of their technology and transform their businesses. Gartner placed SOA Software in the Leaders Quadrant for the 2011 “Magic Quadrant for SOA Governance Technologies.”

NSA intercepted, Apple, Google, Microsoft alliance

Jakarta – Giant technology companies have formed an alliance to demand transparency from the U.S. government regarding the National Security Agency (NSA) information monitoring program called PRISM.
The alliance involves companies such as Apple, Google, Facebook, and Microsoft. A number of civic groups are also in the alliance. In a letter that will be announced in a few hours, the alliance, which amounts to 63 companies, investors, and non-profit organizations, is asking for clearer rules about such things.
“Basic information about the way the government enforce laws related activities have been published during this investigation does not interfere with the investigation,” read one of the points in the letter obtained by AllThingsD on Wednesday, July 17, 2013.
The alliance requested that they be allowed to announce the number of government requests for data on the users of their services. They also requested that the number of users, accounts, and gadgets on which information is held can be announced.
The alliance also considers that the number of requests for basic information about content and users could be made public as part of their transparency.
At the same time, the alliance will also ask the government to announce the number of requests and the number of individuals whose data is requested from the technology companies.
This letter will be addressed to President Barack Obama and congressional leaders. Here are some names of firms and associations involved in this alliance:
Yahoo, AOL, Apple, Digg, Dropbox, Evoca, Facebook, Google, HeyZap, LinkedIn, Meetup, Microsoft, Mozilla, Reddit, salesforce.com, Tumblr, and Twitter.
Also included are YouNow, Union Square Ventures, Y Combinator, New Atlantic Ventures, The Electronic Frontier Foundation, Human Rights Watch, the American Civil Liberties Union, and the Center for Democracy & Technology.
In addition, there are elements of the press and advocacy organizations such as Reporters Committee for Freedom of the Press, Public Knowledge, the Computer & Communications Industry Association, Reporters Without Borders, and the Wikimedia Foundation.

Pre-Order Asus 31.5″ 4K IGZO Monitor for $3500

Asus is reportedly now taking pre-orders for its 31.5 inch monitor (PQ321Q) featuring Sharp’s anti-glare LED-backlit IGZO technology. It sports a screen resolution of 3840 x 2160, 140 pixels per inch, and not only cuts down on energy consumption but features an extremely long durability given that Sharp’s tech doesn’t constantly refresh the images. It’s all static until something moves on-screen.

The company introduced the new monitor last month, reporting that Sharp’s IGZO tech supports smaller transistors than amorphous silicon thanks to significantly higher electron mobility. It also not only reduces energy consumption, but reduces the monitor’s overall bulk as well: at 35 mm at its thickest point, the PQ321 is the thinnest 4K UHD monitor available today, the company said.

A Sharp rep said during CES 2013 in January that the 31.5 inch panel will be marketed to professionals first given the end-price. The prototype also had ten-point touch input which apparently didn’t make it into the company’s own PN-K321 31.5 inch IGZO monitor selling for $5,000 USD. The Asus model also doesn’t support touch.

The upcoming PQ321Q supports wide 176° horizontal and vertical viewing angles, 10 bit RGB “deep” color, and an 8 millisecond gray-to-gray response time. Other features include a 0.182 mm pixel pitch, a max brightness of 350 cd/m2, a max contrast ratio of 800:1, picture-by-picture support and HDCP support. The monitor’s typical power consumption is 93 watts.

On the connectivity front, the I/O panel has two HDMI ports, a DisplayPort, and an RS-232C port for old-school VGA connections. There’s also a 3.5 mm mini-jack for PC audio input, a 3.5 mm mini-jack for AV audio input, and a 3.5 mm mini-jack for earphones (for HDMI and DisplayPort).

Last month the company said that the new display is the “equivalent to four Full HD displays stacked side-by-side.” It can now be pre-ordered on Amazon here, and on Newegg here, both requesting $3,499.99 USD. The monitor is slated to arrive on July 16, 2013.

Social Security in First Half Profit Jumps 95 Percent

Social Security PT (Persero) posted a profit after tax in the first semester of 2013 of Rp 1.69 trillion, a 95 percent jump compared to the first half of 2012, which amounted to Rp 870 billion. Director of Social Security Masasya G Masassya said that fee revenue over the first half of 2013 rose 64 percent to Rp 2.87 trillion, from Rp 1.75 trillion in the same period last year.
“In the first half of 2013 we recorded a net income contribution of Rp 914.5 billion, surged 205 percent,” he said in a written statement, August 5, 2013.
Total revenue per June 2013 rose 202 percent to Rp 916 billion. Social Security investment income recorded a non-collateral (JHT) in the first semester of 2013 amounted to Rp 1.36 trillion, up 59 percent and revenue management of the investment fund old age insurance up 20 percent.
Social Security’s operating profit in the first semester of 2013 rose 84 percent to Rp 3.14 trillion, and profit before tax also rose 84 percent to Rp 1.97 trillion.
Social Security Director of Finance Trisanto Herdy added that up to June 2013 the company had realized managed funds of Rp 143.6 trillion. That figure represents 96.31 percent of the 2013 target of Rp 149.1 trillion. Additionally, in June 2013 the company posted investment revenue of Rp 9.02 trillion, representing 61.72 percent of the 2013 target of Rp 14.6 trillion.
“The results of the development of old-age benefits by June 2013 amounting to Rp 6.32 trillion or 60.06 percent realize the 2013 target of Rp 10.5 trillion,” he said in a written statement.
In terms of net income, Social Security also booked Rp 1.69 trillion as of June 2013, representing 77.43 percent of the 2013 target of Rp 2.19 trillion. Acceptance of Social Security contributions by June 2013 amounted to Rp 12.3 trillion, representing 49.62 per cent of the 2013 target of Rp 24.84 trillion. And payment guarantees by June 2013 amounted to Rp 6.21 trillion or 59.75 percent of the realization of the 2013 target of Rp 10.4 trillion.

Traders Earn Big Profit in Monas Fair

The Monas Fair in Central Jakarta drew the attention of many visitors, giving traders an opportunity to reach a large turnover in the month of Ramadan, although the weather influences the profits.
“Yes, with a show like this biased because fortunately many visitors also respond well to this event. Prices can also be an expensive stand ketutup. Last week I was lucky to hit Rp 5.5 million,” said traditional Chinese clothes seller, Anggi on Monday.
This was the first such event held in 2013. Many visitors came and were very excited to welcome the people’s party, a distinct advantage for traders who opened a booth.
A variety of goods and foods are sold at the Monas Fair, such as toast peanuts, meatballs, iftar meals, women’s and men’s apparel, accessories, lighting, home decoration and so on.
“Towards the iftar many come than during the day. Turnover during the month of Ramadan is also on the rise as more and more visitors are coming,” says the seller of perfume, Yus.
Profits could reach three times the sales in the store. But the weather in Jakarta also affects the merchants’ profits: if the weather is rainy, sales decline because there are no visitors.
Visitors came from various regions, even visitors from abroad. “I am from Jakarta to Ambon often, but only this time there are events like this in the monument, is great if you need to continue to be held every year,” said a housewife, Nani.
The cleanliness and safety of the show are well guarded by the organizing committee.
“We always check identification and also the interests of any person who want to get into. There are two layers of safeguards so that the event is also taking place conducive,” said the provincial municipal police, Joseph.
The public hopes an event like this will continue to be held because it can benefit all parties, but it should be held and organized more maturely so that more and more visitors from inside and outside the city are interested in coming.

Sugar Industry Accelerate Distribution

Jakarta – Chairman of the Indonesian Refined Sugar Association (AGRI), Suryo Alam, said the refined sugar industry had anticipated the ban on trucks passing through the routes of this year’s Lebaran season.
According to Suryo, this is done so as not to interfere with the distribution of goods to the consumer. “We have experience in previous years, so we speed up the distribution to anticipate this,” he told Tempo, Tuesday, July 30, 2013.
To avoid having to pass through alternative routes, the industry has deliberately advanced distribution since four months ago. “We are reminded producers and distributors will be crowded so that distribution is accelerated,” he said.
In addition, said Suryo, manufacturers also limit the distribution time, i.e. the last at H-7 and H+10 of the Lebaran holiday. “Take the items before or after that date. So, we were not at all disturbed,” he said.
Jumbo-sized freight trucks with more than two axles or a maximum of 16 tons will be prohibited from crossing the route from H-4 to the first day of Eid on August 8, 2013. The Ministry of Transportation’s decision is meant to reduce congestion in the back-and-forth flow on the route.
“The banned starting H-4 to H +1’s truck laden building materials, paste trucks, tow trucks, container trucks, vans and all kinds of goods more than two axles,” said Head of the Department of Transportation West Java Deddy Taufik some time ago.
However, said Deddy, trucks carrying essential commodities, fuel, and transportation is still tolerable to post back and forth across the line. “But it should only be transported a car two axes. If transported by car or truck more than two axes remain banned,” said Deddy.
The Department of Transportation actually suggested that the ban on jumbo trucks be introduced on the route from H-7. “But, finally the Ministry of Transportation decided to start at H-4. Perhaps for the sake of the stability of the economic distribution as well.”

4 SEO Tips for Launching a New Website and New Brand

Launching a new website is hard. Launching a new brand with that new website can be downright madness.

Just ask Moz. Or iAcquire. Apparently, 2013 is the year of the marketing agency rebrand, and I’m happy to announce we’re part of that list, too: Last week, 352 Media Group became 352.

Those 2½ months spent building our new website and our new brand were the hardest I’ve ever worked in my life. They were also the most rewarding, and despite my incessant cursing, I wouldn’t trade it for anything. Why? Because look at the old site:

Holy wow.

Whenever you launch a site, everyone just sees the design change, but rarely do you see the behind-the-scenes work that goes into a new website – and I’m not just talking about design iterations, although there were probably 13 of those. We’re assuming you’ve already redone your keyword and market research.

That’s A Lot of Redirects

Thankfully, the domain didn’t change, but the URL structure did change to directory style. I used Ruth Burr’s template for domain migrations, but made some tweaks.

First, pull every single URL that’s on your root domain. I used both Screaming Frog and our database to make sure I wasn’t missing anything. Drop into Excel and start analyzing what’s going where on your new site.

We work in agile web development, which means short sprints of work (in our case, two weeks at a time), at the end of which we’d be able to launch fully functional pieces of our website. Think of it like building a house one complete room at a time.

Because this bad boy needed to be up before mid-July, we planned to launch with the Slim Fast version of our sitemap: A lot of pages weren’t going to exist yet, but they would soon. That meant a lot of pages of our existing site weren’t going to move yet, but they would.

So, in addition to the 301s and 404s, I added a section of what was going to be in Phase II to make our support departments’ lives a little easier. I think it worked.

Analytics

I admit it: I didn’t remember to install the analytics code on our new site until 24 hours before the site launched. *Facepalm*.

Seriously: Don’t forget it, but also, don’t settle for the basic version. There is so much more that you can see with a little customization, and you need to think about what makes most sense for you. For us, there were three big ones:

  • Enhanced in-page to see where people were clicking.
  • Page scrolling to see how far down people were going on our pages.
  • Event tracking to see how people interacted with our video.
  • Event tracking to see how often people clicked on our contact information.

Sitemaps

If your URLs are changing, so will your sitemaps. Don’t forget to generate a new XML sitemap and resubmit it to GWT to speed up indexation of your new site. We went with the multiple XML sitemap approach, one for our main site and one for our blog.

Holy Crap: We Aren’t No. 1 For Our Name

That’s every SEO professional’s nightmare. We’re living that right now. We decided to change our name in January. In May, we took a match to our old site and started over from scratch. Around June, someone finally said “Hey, I wonder where we’ll be ranked with our new brand name.”

Page 3. PAGE 3?!

Logically, it makes sense. 352 is the area code of Gainesville, Florida, our headquarters and our namesake. Sure, we’ve been known simply as 352 (three-five-two) for 15+ years both by clients and internally, but search engines weren’t making that connection.

Why would they? All of our brand links are 352 Media Group, and all of our content was 352 Media Group. We also don’t have nearly the social community that Moz does to blog, link and tweet the name change that would have clued Google in sooner.

While our new brand does come with a whole new keyword targeting – Pro tip: Start your new keyword research very early – I couldn’t care less about our exact-match anchor text until we’re showing up No. 1 for “352.” How do you do it? Pull your backlinks using your favorite tool, go down and find all of the links with your brand name, and start contacting.

Trust me: Start this process very early if you’re changing your name, as in way before you officially launch. Start by reaching out to people who you know can queue up their change to go live on your exact launch date, for example, your author bio for any places you’re a contributor. Don’t forget to make sure your internal team changes any links they have on personal websites.

I’m in the thick of this now, and you never really realize how many brand links you have until you’re staring at a 4-digit long Excel spreadsheet.

Keeping Momentum Post Launch

Last year, I went skydiving. There’s a moment about 30 seconds into your free fall where you convince yourself that the chute should have opened by now, and this was going to be it. Then, the cord pulls, you shoot up vertically, and you feel the biggest rush of relief because you are, in fact, going to make it through.

At 3:52 p.m. – see what we did there? – on July 16, 2013, I got that same rush from the launch of our site.

And while the honeymoon of the new brand only lasted about 24 hours until my inbox was flooded with feedback, I needed that kick to keep up the momentum our team had with post-launch iterations.

There will be things you don’t think of. There will be bugs you missed. There will be internal feedback that makes more sense. There will definitely be user feedback you didn’t even know existed. You need an organized way to keep track of all of this.

My agency uses TFS and works through a backlog of items based on client priority and effort to complete the task. This helps us better see the cool things we want to do and where they lie based on priority.

It’s not the most intuitive, and we’re searching for something a little more user friendly, but it works well enough for now.

If you’re going through a new site launch, I feel you, buddy. It’s long. It’s a pain in the ass. Sometimes, you just want to quit. It’s extremely difficult not to get discouraged, but the end result will be worth it.

Don’t get disappointed if you forget something. There’s a lot to do, and we missed a few “Well, duh” things post launch, but it’s OK. That’s the beauty of constant iterations.

Processed Chocolate Indonesia Reach 500 Thousand Tons

Chairman of the Indonesian Cocoa Industry Association (AIKI), Piter Jasman, said national cocoa processing will reach 500 thousand tons by the end of 2013. The 25 percent increase in production was driven by high demand. “It is also driven downstream program through the imposition of export duties cocoa beans,” he said as quoted by Bloomberg, on Tuesday, July 23, 2013.
AIKI data state that national cocoa production in 2012-2013 reached 310 thousand and 400 thousand tons. The policy of imposing a 16 percent export duty has encouraged the cocoa processing industry and a rise in foreign investment. Therefore, AIKI estimates processed cocoa production could rise to 800 thousand tons in 2014.
Besides Indonesia, the trend of increasing cocoa production is occurring across the Asia-Pacific region. London-based consumer research agency Euromonitor International Ltd. estimates that sales of chocolate in the Asia-Pacific region in 2013 will grow more than twice as fast as the global market.
Euromonitor estimates that sales of chocolate in Asia will grow 5.2 percent to 859,300 tonnes in 2013. At the same time, global production and demand for chocolate are growing 2.2 percent. Euromonitor senior analyst Redruello Francisco said chocolate manufacturers are now racing to build factories in Asia. “Asia is a region of strongest growth in chocolate. We also saw high demand there,” he said.
One of those pursuing the opportunity is Cargill Inc. The processed food company plans to invest US$100 million to build a chocolate factory in Gresik, East Java. The factory, with a production capacity of 70 thousand tons, is expected to operate in mid-2014.