“Nitro” spear-phishers

Symantec has revealed that at least 50 companies, many of them in the defense and chemical industries, have been attacked in a spear-phishing attack aimed at stealing research and development data. The “Nitro” attacks, as Symantec called them, started in late July, and lasted through September, according to a Symantec report. But the infrastructure used for command and control and other aspects of the attacks were used in another, earlier wave dating at least back to April, which was focused on human rights groups.

There is no known connection to the phishing attacks on RSA earlier this year. And it remains unclear whether the attacks were made by a single individual or group, though it appears the attack came from China. Analysts traced the attack back to a $32-a-month virtual private server in the US, owned by a “20-something male located in the Hebei region of China,” and found traffic being sent back to the network from 52 different organizations in 20 countries, 12 of them based in the US.

Spear phishing is a form of e-mail based attack that is carefully tailored to individuals at the target organization, usually disguised as a file-attachment that appears to be from someone the individual knows. In the Nitro attacks, the attackers used several approaches, but relied largely on two types of phishing: posing as a known business partner and sending what appeared to be a meeting invitations, or hitting a larger number of targets with an email “purporting to be a security update,” according to Symantec’s Eric Chien and Gavin O’Gorman. The attacks included executable files that were disguised as text files, or as password-protected archives. In both cases, the file would execute when opened, installing a program called PoisonIvy—a backdoor developed by a “Chinese speaker,” according to the Symantec report.

The backdoor then sent back the IP address of the infected computer, the names of other computers visible in the Windows workgroup the computer was in, and Windows cached password hashes. This allowed the hackers to remotely control the system, possibly even downloading additional tools to attack from within the network, and infect other computers in an attempt to gain administrative credentials and access to servers containing sensitive data.

Is Netflix the next AOL?

It still has millions of subscribers, generates a decent chunk of cash and is reporting solid sales growth, but the warning signs are there. If Netflix doesn’t watch out, it could be the next AOL.

Netflix used to be Wall Street’s favorite momentum tech stock. Not anymore. Shares have plunged 52% year-to-date, and with good reason.

This isn’t a case of Netflix not being able to live up to lofty expectations. It is facing serious challenges. Hence the AOL comparison.

The significant price hike for customers that want access to both DVDs and online video streaming caused the faces of many consumers to turn redder than a Netflix envelope. Customers aren’t just taking to Twitter and Facebook to complain: They are actually cutting ties with Netflix.

Netflix announced Monday that it lost about 800,000 subscribers in the third quarter. That is terrible news for a company that investors had been buying on the hope that subscriber growth would continue for a long time.

Price hikes may be necessary to deal with drastically increased costs. Netflix has to find a way to justify the money it spends on content licensing deals if it wants to still be able to offer its customers the movies and TV shows they want.

Netflix also has ambitious growth plans internationally, and said earlier this week that it will lose money for the next few quarters as a result.

Netflix needs to get in touch with customers’ rage

It may also be the case that, for the long-term, it’s better (i.e. more profitable) to have fewer subscribers paying more a month than continually adding customers that only sign up for the cheapest plans.

But I can’t help think that the decision to raise prices so drastically — $15.98 a month to have DVDs and streaming is a 60% jump — is eerily similar to the moves AOL made in the early part of the 2000s.

Of course, prices hikes weren’t the only thing that hurt AOL. It languished for years as a subsidiary of Time Warner.

But just as AOL faced a major identity crisis while trying to morph from a stodgy 20th century Internet access company to a cool content provider — one that lasts to this day — Netflix also can’t figure out what it wants to be when it grows up.

OneNote 2010 – Easy to use and worth the upgrade

The Skydrive feature alone is worth the upgrade – now it is easier than ever to synch your notebooks. Here’s the tag line from Microsoft:

“Once you start using OneNote to create digital notebooks of your notes and ideas, you’ll wonder how you ever lived without it. Before you know it, you’ll be looking for reasons to create more notebooks – work or school reports, home projects, and who knows what else.”

Well it is pretty close to reality. I find I can’t do without it. While we have not migrated all our 2007 OneNote notebooks to 2010, we will have it done by the end of the month. It is simply too important to not have all the info in the 2010 format and available whenever I need it!

•  OneNote helps bring together your digital info (notes, photos, videos, web links, etc.) into easy-to-organize notebooks.
•  OneNote makes it easy to share your notebooks and collaborate in real time with other OneNote users.
•  The OneNote Web App and OneNote Mobile allow you to access and add to your notebooks from virtually anywhere.