Researchers Cripple Pushdo Botnet:
“Trailrunner7 writes with this from ThreatPost: ‘Researchers have made a huge dent in the Pushdo botnet, virtually crippling the network, by working with hosting providers to take down about two thirds of the command-and-control servers involved in the botnet. Pushdo for years has been one of the major producers of spam and other malicious activity, and researchers have been monitoring the botnet and looking for ways to do some damage to it since at least 2007. Now, researchers at Last Line of Defense, a security intelligence firm, have made some serious progress in crushing the botnet’s spam operations. After doing an analysis of Pushdo’s command-and-control infrastructure, the researchers identified about 30 servers that were serving as C&C machines for the botnet. Working with the hosting providers who maintained the servers in question, the LLOD researchers were able to get 20 of the C&C servers taken offline, the company said.’”
Drugs encased in nanoparticles travel to tumors on the surface of immune-system cells
August 15th, 2010
(Nanowerk News) Clinical trials using patients’ own immune cells to target tumors have yielded promising results. However, this approach usually works only if the patients also receive large doses of drugs designed to help immune cells multiply rapidly, and those drugs have life-threatening side effects.
Now a team of MIT engineers has devised a way to deliver the necessary drugs by smuggling them on the backs of the cells sent in to fight the tumor. That way, the drugs reach only their intended targets, greatly reducing the risk to the patient.
MIT engineers have developed a way to attach drug-carrying pouches (yellow) to the surfaces of cells.
The new approach could dramatically improve the success rate of immune-cell therapies, which hold promise for treating many types of cancer, says Darrell Irvine, senior author of a paper describing the technique in the Aug. 15 issue of Nature Medicine (“Therapeutic cell engineering with surface-conjugated synthetic nanoparticles”).
Barnaby Jack hit the jackpot at Black Hat on Wednesday. Twice.
Exploiting bugs in two different ATM machines, the researcher from IOActive was able to get them to spit out money on demand and record sensitive data from the cards of people who used them.
He showed the attacks on two systems he had purchased himself — the type of generic ATM machines typically found in bars and convenience stores. Criminals have been hitting this type of machine for years, using ATM skimmers to record card data and PIN numbers, or in some cases simply pulling up a truck and hauling the machines away.
Patches have already been developed for the systems, built by ATM makers Triton and Tranax, Jack said. Triton patched the issue in November 2009, said Bob Douglas, Triton’s vice president of engineering.
Douglas showed up at Black Hat to attend the talk and a subsequent press conference. Tranax could not immediately be reached for comment.
Tranax has had security problems before. In 2006, CNN reported that a Virginia Beach, Virginia, criminal used a keypad code to reprogram a Tranax machine into thinking it was dispensing $5 bills. Then, using an anonymous prepaid debit card, he withdrew $20 bills, but was only debited for one-quarter of the money he took. A manual showing how to do this was reportedly available on the web.
But according to Jack there’s an easier, much more alarming way to get the money out. Criminals can connect to the machines by dialing them up — Jack believes a large number of them have remote management tools that can be accessed over a telephone — and then launching an attack.
After experimenting with his own machines, Jack developed a way of bypassing the remote authentication system and installing a homemade rootkit, named Scrooge, that lets him override the machine’s firmware. He also developed an online management tool, called Dillinger, that can keep track of compromised machines and store data stolen from people who use them.
Criminals could find vulnerable ATMs by using open-source “war-dialling” software to call hundreds of thousands of numbers, looking for those that respond by saying they have the vulnerable management software installed. Criminals have already used a similar technique over the Internet to break into vulnerable point-of-sale systems.
Jack’s tools are just proof-of-concept software, designed to show how vulnerable the machines really are, he said. “The goal of the talk is to spark discussion on the best ways to remediate,” he said.
“It’s time to give these devices an overhaul,” Jack said. “Companies who manufacture the devices aren’t Microsoft. They haven’t had 10 years of continual attacks against them.”
The machines Jack hacked were, however, based on Microsoft’s Windows CE operating system.
In a dramatic on-stage demonstration at Black Hat, he connected remotely to an ATM and ran a program called Jackpot that caused the ATMs to spit out cash, while playing a tune and splashing the word “Jackpot” across the screen of the machine.
In a second demo, he walked up to the machine, opened it with a key he had obtained on the Internet, and installed his own firmware. A single, standard key can open many different types of machines, he said, presenting another serious security problem.
He demonstrated the remote attack on an unpatched Tranax system; the hands-on attack was on an older Triton machine, he said.
Jack had planned to deliver the talk at last year’s conference, but it was pulled after ATM vendors asked for more time to patch the issues he’d discovered.
He got the green light for the talk after leaving his former employer, Juniper Networks, and taking a job with IOActive, a company that sells, among other things, ATM security consulting services.
The security researcher seems to have had a good time researching ATM bugs. When a delivery man showed up, asking him why on earth he’d want a machine delivered to his home, Jack quipped, “Oh I just don’t like the transaction fees, mate.”
Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert’s e-mail address is robert_mcmillan@idg.com.
Is your voice mail password now the property of some Chinese hacker? Millions of Android users who downloaded an innocuous wallpaper app from Google’s Android Market may be nodding their heads ‘yes.’ Turns out, that wallpaper app was sending voice mail passwords and many other bits of personal data to someone in Shenzhen, China, according to one report.
The exploit was downloaded “anywhere from 1.1 million to 4.6 million times,” reports Dean Takahashi of VentureBeat. The application grabs your browsing history, text messages, phone’s SIM card number and subscriber ID and sends it all to the www.imnet.us website, according to the report. The data theft was first discovered by mobile security firm Lookout and announced at the Black Hat conference of security experts in Las Vegas. Unlike the recent security hole found in the AT&T website that could have allowed hackers access to 144 thousand iPad owner email addresses, the Android exploit was more extensive, involved more serious data theft and most importantly – it wasn’t a hypothetical threat.
Nearly half (43 percent) of the apps offered by Android Marketplace include third-party instructions, compared to 23 percent of iPhone apps, Lookout said. Another difference between the two app sources: iOS applications require Apple approval before appearing in the App Store. By comparison, Google’s Market only warns users during the installation process.
Additionally, applications distributed through the App Store carry digital certificates from Apple, reducing the likelihood malicious hackers could anonymously distribute data-stealing code.
RNA-Loaded Nanoparticles Fight Cancer: “DirkDaring writes ‘It’s been promised for years: that nanoparticles offer a treatment to many forms of cancer. Today, an important first step has been announced. In a new human trial, nanoparticles carrying RNA have successfully reached cancer cells and silenced the target gene. ‘The researchers developed a nanoparticle carrying a molecular marker that binds to the surface of cancer cells, triggering the cells to absorb it. The siRNA carried within the particle was designed to silence a gene called ribonucleotide reductase M2 (RRM2), which regulates DNA synthesis and repair and is known to be an anticancer target. Because it was the first trial using targeted RNAi delivery for cancer, says Mark Davis, a professor of chemical engineering at Caltech and the study’s lead author, ‘we wanted to choose a gene that was suspected to be hugely upregulated in a broad spectrum of cancers’ in order to increase the likelihood of being able to observe the novel therapy’s effect. The researchers analyzed biopsy samples from three melanoma patients in the trial who had received different doses of the therapy. They tracked the particles in the different samples, finding that the amounts they could see in the tumor cells correlated with the doses the patients received.”
Potential for new nanoparticle-based cancer detection
May 22nd, 2010
(Nanowerk News) Recent studies support the idea that the standard methods of screening men for prostate cancer leave much to be desired, particularly in terms of their inability to have much effect on prostate cancer survival. Now, a team of investigators at the University of Missouri School of Medicine has created a targeted gold nanoparticle that appears to offer a more sensitive and accurate method for detecting early stage prostate cancer. These nanoparticles may also be useful for detecting lung and breast cancers.
The investigators, led by Raghuraman Kannan and Kattesh Katti, published the results of their studies in the Proceedings of the National Academy of Sciences (“Bombesin functionalized gold nanoparticles show in vitro and in vivo cancer receptor specificity”). Dr. Katti is the principal investigator of a National Cancer Institute Cancer Nanotechnology Platform Partnership.
Drs. Kannan and Katti and their colleagues created their potential imaging agent by coating gold nanoparticles with bombesin, also known as Gastrin Release Peptide (GRP), a naturally occurring molecule that binds to a specific receptor that is abundant on prostate, breast, and small cell lung cancer cells. To do so, they had to develop new synthetic methods for linking this peptide, as well as other related peptides, to the gold nanoparticles.
With the nanoparticles in hand, the research team used them to image prostate tumors growing in mice. These experiments demonstrated that the nanoparticles were very specific at binding to prostate tumors and that this binding enabled the tumors to be spotted easily using computed tomography x-ray imaging. Moreover, tumors took up approximately 10 times more of the targeted nanoparticles than bombesin linked directly to the radioactive element technetium, a construct now in clinical trials as an imaging agent. These experiments also showed that injecting the nanoparticles into the peritoneal cavity produced better results than when the nanoparticles were injected directly into the blood stream, in large part because fewer nanoparticles became trapped in the liver and spleen.
Self-assembling gold nanoparticles use light to kill tumor cells
May 22nd, 2010
(Nanowerk News) A variety of studies by numerous investigators are demonstrating that gold nanoparticles have real promise as anticancer agents. When irradiated with light, gold nanoparticles become hot quickly, hot enough to generate explosive microbubbles that will kill nearby cancer cells, a physical process known as the photothermal effect. To boost this approach, researchers at the University of California, Los Angeles, have developed a method for creating supramolecular assemblies of gold nanoparticles that function as highly efficient photothermal agents of a size designed to optimize their delivery to tumors.
Hsien-Rong Tseng and his colleagues reported their work in the journal Angewandte Chemie International Edition (“Photothermal Effects of Supramolecularly Assembled Gold Nanoparticles for the Targeted Treatment of Cancer Cells”). Dr. Tseng is a member of the Nanosystems Biology Cancer Center, a National Cancer Institute Center for Cancer Nanotechnology Excellence.
To create their self-assembling supramolecular gold nanoparticles, the researchers took advantage of a pair of molecules, cyclodextrin and adamantane, that bind very tightly to each other. They first took gold nanoparticles, 2 nanometers in diameter, and decorated the nanoparticles’ surface with adamantane. They then added two other constructs: cyclodextrin attached to a biocompatible polymer known as polyethyleneimine, and adamantane linked to polyethylene glycol, another biocompatible polymer. When combined in various ratios, these three constructs quickly assemble into nanoparticles with well-defined sizes ranging from 40 to 118 nanometers in diameter. Once the complexes were purified, the researchers then attached a tumor targeting molecule to the surface of the resulting supramolecular complexes.
Record-Breaking Galaxy Cluster Found: “The Bad Astronomer writes ‘Astronomers are reporting that they have detected the most distant cluster of galaxies ever seen: a mind-smashing 9.6 billion light years away, 400 million light years more distant than the previous record holder. The cluster, handily named SXDF-XCLJ0218-0510, was seen in infrared images by the giant Subaru telescope, and confirmed with spectroscopy and the X-ray detection of million-degree gas (a smoking gun of clusters). Every time astronomers push back the record for clusters, they learn more about the early conditions of the universe, so this cluster will provide insight into how the universe itself changed over the first few billion years after the Big Bang.’”
DNA could be backbone of next generation logic chips
May 11th, 2010
DNA could be backbone of next generation logic chips: “In a single day, a solitary grad student at a lab bench can produce more simple logic circuits than the world’s entire output of silicon chips in a month. So says a Duke University engineer, who believes that the next generation of these logic circuits at the heart of computers will be produced inexpensively in almost limitless quantities.”