Fears of Massive Net Attacks as Code Shared Online

Computer code used to mount one of the biggest web attacks ever seen has been released online. Security experts fear the release will prompt more massive attacks that knock sites offline by swamping them with data.

The attack tool seeks out smart devices in homes that are weakly protected with easy-to-guess passwords.Net monitoring firms said they had already seen an increase in scans that seek out vulnerable devices.

The "Mirai" source code was released on a widely used hacker chat forum over the weekend.

The same code is believed to have been used to target security blogger Brian Krebs in late September in an attack that pointed more than 620 gigabits of data every second at his site.

Mr. Krebs said the release "virtually guaranteed" that the net would soon be flooded with similar incidents as it made it easier to mount such large-scale attacks that abuse access to the consumer gadgets.

'Collateral damage'

When Mr. Krebs' site was attacked, the amount of data with which it was hit was believed to be the biggest ever seen. However, it was eclipsed later the same month by an attack on French hosting firm OVH, which suffered a malicious DataStream that peaked at more than one terabit per second (1,000 GB).

Research by security firms suggests that both attacks managed to generate so much data by seeking out insecure devices that make up the "internet of things". These are smart devices such as webcams, thermostats and other gadgets that owners can control via the net.

Scanners built into the attack code seek out vulnerable devices and enroll them into a network, known as a botnet that a malicious hacker can then use in what is known as a Distributed Denial of Service (DDoS) attack.

"There is already a surge in botnet operators attempting to find and exploit IoT devices in order to gain access to uniform and sizable botnet networks," said Dale Drew, chief security officer at net firm Level 3, in an email to Ars Technica.

The Mirai botnet and the one used to attack OVH are, between them, believed to control more than 1.2 million vulnerable devices. Post-attack analysis suggests the DDoS deluges aimed at Mr. Krebs and OVH used only a fraction of the total number of devices on these botnets.

Stephen Gates, chief research intelligence analyst at NSFocus, said the growth of such large IoT botnets could mean chunks of the net get knocked out. In addition, he said, those owning compromised gadgets could see their browsing speeds slow significantly as their home net connection is used to send attack data.

"This is all collateral damage caused by a failure of good judgement by using the same factory default passwords on IoT devices in the first place," said Mr. Gates in a statement.

Source: BBC

New AppFactory Launched to Boost Coding Skills of Ghanaian Youth

Mobile Web Ghana and Microsoft have launched Ghana’s first AppFactory to provide aspiring coders and software programming graduates with real-world experience.

Mobile Web Ghana in collaboration with Microsoft are inviting youth with an interest in coding to join Ghana’s new AppFactory. Only 40 of the most promising candidates will be selected for the programme, which will help them bridge the gap to full-time employment.

The Ghana AppFactory is the third Microsoft AppFactory in Africa, after South Africa and Egypt, which as part of the 4Afrika initiative have produced over one thousand Windows apps to date.
The AppFactories equip young software developers and coders with hands-on experience, while helping them build critical business skills to secure jobs or create their own businesses. Participants will be mentored by senior software architects and app developers on how to design, implement and manage complex projects.

“We believe youth have enormous potential to shape the technology we at Microsoft are creating, and many have brilliant ideas for an app, but simply don't have the time or resources to bring it to fruition. Our primary goal is to ensure that we equip young talents to get their ideas to market,” says Derek Appiah Microsoft.

Experts say the world is on the cusp of a 4th Industrial Revolution with many jobs being automated. The jobs that will be in demand, creating over 2 million new jobs by 2020, according to the World Economic Forum, are either highly creative professions that can’t be automated or in computer and mathematical related fields. “Coding is about art and mathematics, and in the age of digital transformation practical coding and programming skills are highly sought-after.”

Critical thinking, collaboration and creative skills are also increasingly important for youth, helping them to excel at any job in the digital world.

“Companies are looking for people who can innovate. If we are to ensure that Africa is on the forefront of digital transformation and not just a consumer of technology, skills development is critical. Programming is an exciting industry to be in, with lots of areas of specialization, and more jobs being created each year.”

Florence Toffa, Director at Mobile Web Ghana, says, “Mobile Web Ghana and Microsoft have a shared belief in the value of practical experience in preparing ICT graduates so they are ready to hit the ground running in their choice industries. I encourage Ghanaian graduates in the field of programming and computer science at various levels of education to apply for this wonderful opportunity.”

To be eligible for the programme, which will have two intakes over the next year, a candidate must demonstrate the following:

•    A good understanding of the computer science discipline
•    Coding proficiency in at least one high level programming language
•    Problem-solving skills and a passion for technology
•    Curiosity, communication skills and collaboration

Interested participants can log on to Mobile Web Ghana’s official website here mwgnew.mobilewebghana.org

Source: Ghanaweb

Facebook Launches ‘Lifestage App’ For School Teens

Facebook has launched a new social media app aimed at school teenagers.
Members of Lifestage, currently only available on Apple devices in the US, upload pictures and videos based around feelings, likes and dislikes. These are then turned into video profiles. All posts are public and there are no options to restrict viewing. The idea is to connect members of the same school, its creator said.

One expert told the BBC the lack of privacy settings was a concern.

School members can view each other's profiles once the individual school has registered 20 members or more. Users aged more than 21 are only able to view their own profiles, reports the Tech Crunch website.
However, the app warns that it cannot guarantee whether all its users are genuine.

"We can't confirm that people who claim to go to a certain school actually go to that school. All videos you upload to your profile are fully public content," it says.
Lifestage has no messaging functionality but users can display contact details from other sites such as Snapchat and Instagram.

The app currently has a 2.5 star rating on the iTunes store with comments describing it as "kinda sorta creepy" and "confusing".

According to statistics website Statista, only 8% of Facebook's US users are aged 13-19.

It has been designed by Facebook product manager Michael Sayman, who is 19 years old.

In a Facebook post he wrote that the app was based around the original social network's early days.
"Back in 2004, Facebook was all about 'who I am'. I could post my relationship status. I could share what my favourite music was. And it was all about expressing myself," he said.
"Today as Facebook has grown into so much more, we see the opportunity to explore that concept of 'who I am' once again, but for Generation Z in 2016."
Pushing boundaries
Dr. Bernie Hogan from the Oxford Internet Institute told the BBC the app's lack of privacy settings could prove unpopular.

"The lack of privacy settings on this app in its current state is indicative of Facebook ideology - which is to stay open and connected as much as possible," he said.

"From their point of view that's a great idea but sometimes being so open can get in the way of getting connected. They already know this as people become reluctant to share things online if they have to share them with everyone.

"It seems yet again that they are trying to push the boundaries of what we think is appropriate to share online and then walking back when they face public criticism."

Source: BBC

What Are The “Things” In The Internet of Things?

User-based devices that communicate, consume content, and create and publish content for other people to utilize have dominated our current version of the Internet. The developing Internet of Things (IoT) is about to change that.

While it will include the “old” Internet of user-based devices, it is very different for one simple reason: people will not operate billions of new devices connected and tracked at the periphery of the network. These devices may be semi- or even fully automated, and they will vastly outnumber the human-operated devices in a short period of time.
Like the old Internet, this IoT will continue to include data, voice and video. But it will also contain new assets that will take the Internet from being a network of human-operated devices to a network containing many nonhuman-operated devices – the “things” of IoT.

The IoT contains a variety of technical systems and devices that go by different names, but all fall under the broader IoT umbrella because these systems all share common technology, and often common infrastructure. It’s helpful to review the terminology being used in order to better understand the relationship between these tools and the IoT.

Machine-to-machine communication
Machine-to-machine (M2M) systems are part of the IoT, and M2M, like many of the terms to follow, can be seen as a catchall term. The current generation of M2M applications includes both fully automated and semi-automated systems. For example, some of today’s most commonly labeled M2M systems include point-of-sale (POS) and automated vehicle location (AVL) services. POS devices are semi-automated, in that people must initiate and authorize the transactions (ideally), while AVL is an automated system for reporting the geospatial coordinates of assets like trucks and delivery vehicles.

One notable characteristic of current M2M systems is that they are largely unidirectional in data flow or service requests. POS devices, for example, initiate a transaction with central transaction processing systems, but are usually not equipped or intended to support incoming commands. The advantage of the unidirectional nature of these early M2M systems is that exploitation opportunities are more limited: physical access to the remote endpoints is required, while network-based attacks are lower in probability.

Connected devices
Connected devices is also a catchall term for things other than servers and PCs that are entering the network. Like M2M, they can be automated or semi-automated, but connected devices are more likely to communicate with each other bi-directionally, rather than transmitting but not receiving.

Connected devices tend to envision both a centralized management infrastructure and/ or a situation where devices communicate on a peer-to-peer basis, without ever referencing back to any centralized system or server. This peer-to-peer communication offers big advantages in terms of speed of decision-making and reduced loads on networks, but limits potential for oversight and safety controls.

Smart-everything
From smart appliances and smart houses to smart cities, so much of our world now is intelligent and interconnected, thanks to the IoT. Smart cities, for example, envision using IoT technology to improve the efficiency of services, from transportation systems to hospitals to energy and water supply. These systems will use unimagined combinations of peer-to-peer and client-server based decision-making, ubiquitous networking and massive amounts of high-assurance bandwidth to move all this data back and forth.
Perhaps the distinguishing feature of the “smart” discussion versus M2M and connected devices is that it tends to be more conceptual and less technical in nature. “Smart” is part of the IoT and will evolve as a notion, with small smart systems joining other small smart systems to create larger smart systems.

Ubiquitous computing
Ubiquitous Computing (UC) is the most abstract and conceptual term synonymous with the IoT. Devices and systems that use UC are completely connected and constantly available. In order to realize this pervasive UC paradigm, a wide range of technologies must be combined, such as industrial sensor networks, multi-medium networking, RFID, M2M, mobile computing, human-computer interaction, and wearable computers.

Though the UC concept involves a variety of technologies, the essence of UC involves the intelligence about, and knowledge of, our surroundings (also referred to as context awareness). By knowing their surroundings, including the dynamic geospatial relationships involving human users and their tools (cars, elevators, medical devices, and even each other), UC systems can offer useful customized services that drive increased personal and business efficiency.
Value-added distributor, Networks Unlimited, distributes and trains its partners and customers in the African region to become certified to manage complex projects by effectively installing and utilizing the Fortinet range of fast and secure cyber security solutions – especially in the growing IoT era.

Source: Itnewsafrica