Friday, September 15, 2006

NEC develops razor-thin battery

It would be used in active RFID cards

News Story by Martyn Williams Taken by: Daniel George
Website: http://www.computerworld.com/printthis/2005/0,4814,106852,00.html

DECEMBER 08, 2005 (IDG NEWS SERVICE) - TOKYO

Engineers at Japan's NEC Corp. have developed a flexible battery that is less than a millimeter thick and can be charged in half a minute, the company said.

The battery has been designed for use in applications such as active radio frequency identification (RFID) cards and could provide enough power to keep such cards running for several weeks before requiring a recharge, said Yoshimi Kubo, chief manager of fuel cell and battery research at NEC's fundamental and environmental research laboratories yesterday.

The device is an "organic radical battery," a technology developed by NEC that uses materials that are more environmentally friendly than the chemicals found in common rechargeable batteries, the company said. NEC began researching the technology in 2000, and its work has been partly funded by Japan's New Energy and Industrial Technology Development Organization (NEDO).

One of the features of such batteries is their ability to be charged quickly. The device unveiled yesterday can be charged to about 80% of its capacity in about 30 seconds.

A prototype is being demonstrated this week at an NEC event in Tokyo. The battery measures about 4 centimeters square and has been fitted into a card that's about the same size as an identification or credit card. After a charge, it can keep an LED embedded in the card lighted for about 20 minutes before requiring a recharge.

Such thin batteries are important for active-type RFID cards. Most RFID cards or tags are passive devices that aren't capable of transmitting data on their own and work when brought into proximity with a radio field from a tag reader. This typically means they work over a range of several centimeters. Active tags are more like miniature radios and can transmit over longer distances, which means they can be read without having to bring them as close to the tag reader.

NEC said it has no plans for commercial production of the device or an estimate of how much it would cost at such a time as production begins.

It's also not the first organic radical battery application developed by NEC.

A larger version of the battery was shown earlier this year and proposed as a possible future emergency power source for PCs. Because the battery is capable of delivering a large amount of power in a short period, NEC demonstrated it being used to power a PC for about 15 seconds, which is enough time for the PC to back up important data and shut down properly.

That application used four batteries, each of which measures 55 by 43 millimeters and is 4mm thick, which is about the same size as a stack of three credit cards. Each cell weighs 20 grams. Like the prototype on show this week, NEC didn't have any immediate commercialization plans for the technology.

Security firm detects IM bot that chats with you

Bot replies with messages such as 'lol no its not its a virus'
News Story by Nancy Gohring
taken by Daniel George

Website: http://www.computerworld.com/softwaretopics/software/groupware/story/0,10801,106832,00.html?SKC=software-106832

DECEMBER 07, 2005 (IDG NEWS SERVICE) –

A new form of malicious instant-message bot is on the loose that talks back to the user, possibly signifying a potentially dangerous trend, an instant messaging security firm said.

IMlogic Inc. issued the warning late yesterday after citing a recent example of such a malicious bot. On Monday, the company first published details of a new threat known as IM.Myspace04.AIM. Once the computer of an America Online Inc. IM user is infected, the bot sends messages to people on the infected user's buddy list, making the messages appear to come from the infected user. The user isn't aware that the messages are being sent. If recipients click on a URL sent with a message, they will also become infected and start spreading the virus.

A bot is a program that can automatically interact with people or other programs. AOL, for example, has bots that let users ask questions via IM, such as directory queries, and the bot responds.

The unusual part of this malicious bot is that it replies to messages. If a recipient responds after the initial message, the bot replies with messages such as "lol no its not its a virus" and "lol thats cool." Because the bot mimics a live user interaction, it could increase infection rates, IMlogic said.

IMlogic continues to analyze this threat but so far it seems to only be propagating and not otherwise affecting users.

An AOL spokesman said today that the company's IT staff has not yet seen the bot appear on its network. The company said it reminds its users not to click on links inside IM messages unless the user can confirm that he knows the sender and what is being sent.

Some similar IM worms install spybots or keyloggers onto users' computers, said Sean Doherty, IMlogic's director of services in Europe, the Middle East and Africa. Such malicious programs record keystrokes or other user activity in an effort to discover user passwords or other information.

"What we're seeing with some of these worms is they vary quickly, so the initial one may be a probe to see how well it infected users, and then a later variant will be one that may put a spybot out," Doherty said. The initial worm could be essentially a proof of concept coming from the malware writers, he said.


The secret life of a rootkit

Website: http://www.computerworld.com/printthis/2005/0,4814,106842,00.html

DECEMBER 07, 2005 (COMPUTERWORLD) –

Much like in the movie The Matrix, where the world presented to the computer user is not a true representation of what is really going on, a rootkit is a program that can be used to hide files, registry settings, network connections, processes and other information from computer users.

For example, a rootkit can make processes that run but are hidden from Windows Task Manager, registry keys that can't be seen with Regedit, and network connections that are not viewable by Netstat.

Rootkit technology allows malicious software (malware) to be stealthier, and that in general makes it more effective. This is not about just evading detection by a casual user; rootkit technology allows malware to evade many antivirus and antispyware programs. There are few legitimate uses for this kind of technology, although some companies do market "hidden folders" that enable users to hide sensitive or embarrassing information from other users of the same computer.

All rootkits rely on the ability to manipulate the results of the function calls made by programs. For example, in order for the Task Manager program in Windows to show a list of running processes, it calls a Windows API function (EnumProcesses) that returns a list of identifiers (or process IDs), which are obtained from a data structure in the kernel.

A rootkit works by intercepting the call and filtering out the processes that it is trying to hide. Rootkits can be implemented either in user space or in the kernel, with the kernel rootkits being the most dangerous.

Files, registry entries and network connections can all be hidden in analogous ways by altering the results of the appropriate function calls. Because most antivirus and antispyware programs rely on these calls (for example, to find files to scan), files hidden by rootkits are invisible to an antivirus program. The machine could be infected, but an antivirus program would be unable to detect it.

Kernel-mode rootkits require some code to be loaded into the kernel (normally a device driver or .sys file). They can do this by following the legitimate route that low-level device drivers use (using the service control manager, services.exe), or there are a few undocumented ways to insert code into the kernel. Once inside, the code can modify the results of function calls made into the kernel or modify kernel structures.

How to spot a rootkit

There are two main ways to detect the presence of a rootkit on an infected machine: scanning and event monitoring. The scanning technique involves comparing a view of the system using user-space tools and a view from inside the kernel. If anything is hidden, it should be visible in the kernel, but not in user space. Recently, a variety of programs have been released that do these scans.

This technique is good in principle -- rootkits hide resources, so the best way to detect them is to look for things that are hidden. There are, however, a couple of weaknesses with this approach. The first is that if the kernel itself has been compromised, then the scan from kernel space may be tainted by the rootkit. Whether this happens or not depends on the details of exactly how the scan and rootkit are implemented. Since the Windows kernel is largely undocumented, it is hard to be sure that the scan is giving the correct results. Also, rootkits can evade detection by hiding from all processes except the rootkit detector.
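The cross-view comparison described above, as an added example that is not part of the original article: it diffs a user-space view against a kernel-side view and keeps only discrepancies that persist across repeated scans, so a process that starts or exits between the two enumerations is not reported. The view dictionaries, PIDs and file names are constructed sample data, and the kernel-side view is assumed to be untainted.

```python
from collections import Counter

def cross_view_diff(user_view, kernel_view):
    """Items the kernel-side scan sees that the user-space API did not return."""
    hidden = {}
    for kind, low_level in kernel_view.items():
        missing = set(low_level) - set(user_view.get(kind, ()))
        if missing:
            hidden[kind] = missing
    return hidden

def persistent_hidden(snapshots, min_hits=2):
    """Keep discrepancies seen in at least min_hits scans.

    A process that starts or exits between the two enumerations appears
    as a one-off difference; a hidden object is missing on every scan.
    """
    hits = Counter()
    for user_view, kernel_view in snapshots:
        for kind, items in cross_view_diff(user_view, kernel_view).items():
            hits.update((kind, item) for item in items)
    return sorted(key for key, n in hits.items() if n >= min_hits)

# Constructed sample data: three scans, each a (user-space, kernel) pair.
DISK = r"C:\Windows\System32\drivers\disk.sys"
HIDDEN = r"C:\Windows\System32\drivers\example_hidden.sys"  # made-up name
SNAPSHOTS = [
    ({"process": {4, 620, 1184}, "file": {DISK}},
     {"process": {4, 620, 1184, 2912, 3300}, "file": {DISK, HIDDEN}}),
    ({"process": {4, 620, 1184, 3300}, "file": {DISK}},
     {"process": {4, 620, 1184, 2912, 3300}, "file": {DISK, HIDDEN}}),
    ({"process": {4, 620, 1184}, "file": {DISK}},
     {"process": {4, 620, 1184, 2912}, "file": {DISK, HIDDEN}}),
]

if __name__ == "__main__":
    for kind, item in persistent_hidden(SNAPSHOTS):
        print(f"hidden {kind}: {item}")
```

PID 3300 differs in only one scan and is dropped as a timing artifact, while PID 2912 and the hidden driver file are missing from the user-space view every time.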

The alternative approach is to use an event-based system that monitors continuously to catch the rootkit in the act of installation. These programs are often called intrusion-prevention systems (IPS). It is important that the program behavior is monitored from the kernel. IPS systems that monitor in user space are just as vulnerable to rootkits as any other user-space program.

These systems can detect and block the loading of kernel modules. However, blocking all kernel modules is impractical -- many legitimate programs install kernel modules. For example, some antivirus programs use kernel modules to perform on-demand scanning.

It is possible to make a better decision regarding whether the loading of the module is malicious by looking at other properties of the installer and other associated programs. While a rootkit and an antivirus program might have actions in common (e.g., installing a kernel module), there are many other characteristics that they would be less likely to share.

For example, a rootkit might try to be stealthy by not having a visible window, while the antivirus program will likely advertise its presence to reassure the user. The rootkit program may also install a keylogger, which one would not expect a well-behaved antivirus program to do. By combining various behavioral characteristics (carefully chosen so that they capture the common behaviors associated with malicious code), it is possible to reliably detect rootkit programs. In fact, this general approach, termed "behavioral heuristics," can be applied more broadly, to detect other classes of malicious code such as Trojans, bots and spyware.

Being based on heuristics, this type of system can make mistakes (classifying normal programs as malicious). The normal technique used to deal with this is to have exclusion lists for the common errors, which would then have to be maintained.
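A sketch of the behavioral-heuristics decision described above, added here as an example and not taken from the article or any product: behaviors of an installer and its child processes are combined into one score when a kernel module is loaded, and an exclusion list handles a known false positive. The weights, threshold, event format and all paths are assumptions made for illustration.

```python
# Illustrative weights and threshold (assumptions, not values from the article).
WEIGHTS = {"loads_kernel_module": 3, "no_visible_window": 2, "installs_keylogger": 4}
BLOCK_AT = 5
AV = r"C:\Program Files\ExampleAV\setup.exe"          # hypothetical paths
DROPPER = r"C:\Temp\dropper.exe"
BACKUP = r"C:\Program Files\ExampleBackup\agent.exe"
EXCLUSIONS = {BACKUP}  # maintained list of known false positives

def root_of(pid, parents):
    """Walk up to the top-most tracked ancestor (the installer)."""
    while parents.get(pid) in parents:
        pid = parents[pid]
    return pid

def decide_module_loads(events):
    """Return {installer image: (verdict, score)} at each kernel-module load."""
    parents, images, seen, verdicts = {}, {}, {}, {}
    for ev in events:
        if ev["type"] == "start":
            parents[ev["pid"]] = ev["ppid"]
            images[ev["pid"]] = ev["image"]
            continue
        root = root_of(ev["pid"], parents)
        behaviors = seen.setdefault(root, set())
        behaviors.add(ev["behavior"])
        if ev["behavior"] != "loads_kernel_module":
            continue
        # Score everything the installer and its children have done so far.
        score = sum(WEIGHTS.get(b, 0) for b in behaviors)
        image = images.get(root, "<unknown>")
        if image in EXCLUSIONS:
            verdicts[image] = ("allow-excluded", score)
        else:
            verdicts[image] = ("block" if score >= BLOCK_AT else "allow", score)
    return verdicts

# Constructed event stream: an antivirus installer, a dropper with a helper
# child process, and a headless backup agent that is on the exclusion list.
EVENTS = [
    {"type": "start", "pid": 100, "ppid": 1, "image": AV},
    {"type": "behavior", "pid": 100, "behavior": "loads_kernel_module"},
    {"type": "start", "pid": 200, "ppid": 1, "image": DROPPER},
    {"type": "behavior", "pid": 200, "behavior": "no_visible_window"},
    {"type": "start", "pid": 201, "ppid": 200, "image": r"C:\Temp\helper.exe"},
    {"type": "behavior", "pid": 201, "behavior": "installs_keylogger"},
    {"type": "behavior", "pid": 201, "behavior": "loads_kernel_module"},
    {"type": "start", "pid": 300, "ppid": 1, "image": BACKUP},
    {"type": "behavior", "pid": 300, "behavior": "no_visible_window"},
    {"type": "behavior", "pid": 300, "behavior": "loads_kernel_module"},
]
```

The backup agent scores the same as a blockable program (no window plus a kernel module), which is the kind of misclassification the exclusion list exists to absorb.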

Undoubtedly, rootkits are serious and increasingly problematic for computer users. They enable malicious code to remain undetected by most security software. They work by manipulating the results of function calls, which they gain access to by a variety of mechanisms. The good news is that they are detectable, with two mechanisms currently available -- a scanning technology that can detect them after they are installed, and an event-based system that can catch them in the act of installation (by observing their behavior) -- and thus prevent compromise in the first place.

New Web Mail: More Polished, Powerful

Microsoft, Yahoo, and Zimbra betas preview Web mail's new desktop-like interface.
By: Ryan Singel
(From the January 2006 issue of PC World magazine)

Taken by Daniel George

Microsoft and Yahoo are poised to make Web-based e-mail more powerful than ever with updates that bring a desktop-style interface to their respective Web mail offerings.

We tested beta versions (currently invitation-only) of Windows Live Mail and Yahoo Mail, and also looked at an open-source newcomer called Zimbra. All three apps use an increasingly popular programming technique called Ajax (Asynchronous JavaScript and XML) to improve on standard Web mail and even Google's Gmail.

As Ajax applications, the mail clients we tested can preload information and update their displays on the fly. So when you open up an e-mail message, you'll see it immediately, rather than having to wait for it to download. And when you delete a message, the application can update instantly, even though the delete request is still being processed in the background.


Yahoo Mail


Yahoo Mail offers desktop-like features such as a full complement of familiar hot-keys and the ability to use the and keys to select multiple messages. Although it's only a beta, the application is graceful, powerful, and nuanced. Its three-pane layout mirrors that of desktop apps such as Microsoft's Outlook Express and Mozilla's Thunderbird.

Yahoo Mail also mimics the handy tab feature included in many Web browsers, allowing you to open multiple messages in a single window and switch between them without loading a new page. Thanks to some intricate coding, you can quickly delve deep into your inbox, using the familiar scroll bar or the key.

Yahoo Mail's search shines, reaching into attachments as well as e-mail messages, and showing the document snippet where the search term was found. Yahoo Mail also interacts logically with your browser's back button--often a trouble spot for Ajax apps that continually update one "page" in the browser. In contrast, Gmail disables the back button, while Zimbra warns you that using it will log you out.

Windows Live Mail

If you're not familiar with desktop mail apps, Microsoft's Windows Live Mail, which feels more like a tweak to Hotmail than a total rethinking of Web mail, may be a better fit. Like Yahoo Mail, Live Mail lets you drag and drop messages, and right-click to print, forward, and answer messages without opening them first. Live Mail puts its weight on tools that let users add emoticons and formatting to e-mail, and it also integrates powerful calendar, antispam, and antiphishing functions.

The Live Mail service that was tested, which Microsoft emphasizes is still a very early beta, uses a three-column layout similar to Microsoft Outlook's. A scrollable inbox, on-the-fly spelling checking, and enhanced right-click menus are on tap for the next beta.

Zimbra

The beta of Zimbra's open-source offering was rougher around the edges, marred by small, cryptic interface icons and some bugs in the version we tested. But its search and virus protection are good, and Zimbra sports some nifty calendar integration--users can mouse over dates in e-mail to see what activities they have scheduled that day.

But Zimbra's real strength is as a full-fledged communication server, allowing a company to integrate its databases so users can, say, jump from a message with an order number to the order database itself.

Zimbra doesn't offer individual accounts, but broadband providers such as Speakeasy are looking at using it to replace their current Web mail offerings.

Zimbra is available to enterprises right now, and Yahoo and Microsoft each hope to introduce their new interface to their millions of users in the first half of 2006.