The party responsible for the recently discovered security flaw in the IE 8 browser has yet to be identified, but researchers believe hackers employed a watering-hole attack to specifically target US government employees and contractors who browse a website regularly frequented by staffers in the nuclear sector.Microsoft confirmed on Friday the existence of a zero-day code-execution exploit in IE 8 that, if not fixed, could allow hackers to install malware on a victim’s machine by employing so-called “drive-by attacks.” Indeed, the flaw was discovered only after an unknown number of computers became infected with a backdoor Trojan that was reportedly installed on the machines of web surfers who used IE 8 to navigate to a specific page on the US Department of Labor website.“The Department of Labor site was rigged to redirect users to another site that infected computers with an iteration of the infamous ‘Poison Ivy’ Trojan, which was able to avoid detection by all but two major anti-virus products,” Ben Weitzenkorn wrote Monday for TechNews Daily.According to Microsoft, “The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.””An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website,” the company said.Researchers aren’t sure yet who exploited the flaw and are still assessing any damages incurred by the issue, but they have managed to identify the single Department of Labor webpage that was compromised by hackers: the DoL’s Site Exposure Matrices (SEM) page, described by the agency as “a repository of information on toxic substances present at Department of Energy (DOE) and Radiation Exposure Compensation Act (RECA) sites.” The SEM page contains information about the links between toxic substances and recognized occupational illnesses, and was designed to be used by staffers routinely exposed to nuclear elements and other hazardous materials.”The target of this attack appears to be employees of the Dept of Energy that likely work in nuclear weapons research,” security company Invincea announced on their blog.Speaking to NextGov, Invincea founder and former Defense Advanced Research Projects Agency program manager Anup Ghosh said, “We can infer the target of the attack are [Energy Department] folks in a watering hole style attack compromising one federal department to attack another.”Suspects have yet to be identified, but watering hole attacks targeting specific groups of victims have been routinely used by state-sponsored cybercriminals in the past. Security firm AlienVault added that they believe the attack was carried out by “DeepPanda,” a group of hackers alleged to have previously engaged in cyber espionage on behalf of the Chinese government.Separate from the exploit, the Pentagon released on Monday a 92-page report, the 2013 “Military and Security Developments Involving the People’s Republic of China,” which discusses in detail the potential cybercrimes that could attack US computers courtesy of the Far East.The Labor Department has since taken the SEM page down, but the damage may indeed have already been done. Although the exploit in IE was only discovered last week, security firm CrowdStrike said its research led them to believe the campaign started in March and infected victims in 37 countries, including primarily machines in the US. Only computers that used version 8 of Internet Explorer and Windows XP, Windows Vista and Windows 7 to navigate to the SEM page were vulnerable, but IE is the most widely used browser in America with a market share of roughly 42 percent, according to StatCounter’s April 2013 analysis. … Read More
Internet Explorer zero day exploit may have targeted nuclear workers
Security researchers at Invincea discovered an exploit in Microsoft’s Internet Explorer 8 late last month that would allow an attacker to remotely execute malicious code on a victim’s computer. Normally such a flaw wouldn’t be particularly newsworthy but malicious code designed to take advantage of this exploit was discovered on… … Read More
How Free Markets and Human Ingenuity Can Save the Planet
The Infinite Resource: The Power of Ideas on a Finite
Planet, by Ramez Naam, University Press of New
England, 352 pages, $29.95.
;“We are a plague on the Earth. It’s coming home to roost
over the next 50 years or so,”
warned the famed British television naturalist David
Attenborough in the January Radio Times. He added: “It’s
not just climate change; it’s sheer space, places to grow food for
this enormous horde. ;Either we limit our population growth or
the natural world will do it for us.” Would-be prophets of disaster
from Malthus to Paul Ehrlich have been preaching imminent
ecological doom for centuries now. All such prophecies have so far
failed. But is Attenborough right; is it different this time?
Probably not, Ramez Naam argues in The Infinite Resource:
The Power of Ideas on a Finite Planet. Naam is no cock-eyed
optimist. He takes seriously the environmental challenges that
currently confront humanity, from man-made global warming to the
depletion of fisheries, fresh water, and forests. And he believes
in peak
oil. Nevertheless, he argues that “it’s possible for humanity
to live in higher numbers than today, in far greater wealth,
comfort, and prosperity, with far less destructive impact
on the planet than we have today.”
Naam is a professional technologist. He is a former Microsoft
executive, where he worked on Internet Explorer and Microsoft
Outlook, and he’s a fellow at the Institute of Ethics and Emerging
Technologies. He is also the author of
More Than Human: Embracing the Promise of Biological
Enhancement and the science fiction novel Nexus.
In The Infinite Resource, he argues that human ingenuity
combined with the incentives of free markets can yield a world of
“almost unimaginable wealth, health, and well-being.” Knowledge, he
writes, “acts as a multiplier of physical resources allowing us to
extract more value (whether it be food, steel, living space,
health, longevity, or something else) from the same physical
resource (land, energy, materials, etc.).”
Take agriculture. 10,000 years ago it took an average of 3,000
acres to feed one hunter-gatherer; farmers today can feed one
person using less than one-third of an acre. “Our innovation in
farming technology has multiplied the value of a plot of land by
nearly 10,000,” Naam notes. If crop yields per acre had remained
stuck at their 1960 level, half of the world’s remaining forests
would have been plowed down
by now.
The energy needed to produce a unit of nitrogen fertilizer has
fallen nearly 90 percent since 1900. The energy required to produce
a ton of steel has dropped five-fold since 1950. The amount of
energy used to heat an average house in the U.S. is down 50 percent
since 1978. The amount of energy needed to desalinate a gallon of
water has plunged 90 percent since 1970. LED lights use about 10
times less energy than incandescents. Humanity has gotten richer
over the past couple of centuries not chiefly by doing more of the
same old things, but by developing better recipes.
To illustrate his point, Naam suggests that readers melt down
their iPhones and try to sell the raw materials. Of course, they
would be worth just a few cents. The value is in the design, which
derives from centuries of accumulated scientific and technical
knowledge. Not only can an iPhone connect you to nearly anyone on
the planet, you can access vast amounts of information instantly,
take and store photos and video and audio, navigate the streets of
a strange city, check your flight times, and…well, as of January
2013, there were 775,000 apps available in Apple’s App Store. “The
accumulated knowledge of materials, computing, electromagnetism,
product design, and all the rest that we’ve learned over the last
several centuries converts a few ounces of raw materials worth mere
pennies into a device with more computing power than the entire
planet possessed fifty years ago,” Naam writes.
Naam acknowledges that there are environmental problems that, if
unaddressed, could overwhelm technological and economic progress.
The solution, he suggests, lies in the market, which is “far
superior to any competing system for producing innovation, for
reducing poverty, for growing wealth, and for increasing
productivity.” Markets achieve these laudatory effects by means of
price signals; if a resource has no price, users can take as much
as they want. So all around the world we find rivers, lakes,
forests, fisheries, aquifers and the air being “treated as
socialist resources, free for anyone to use, exploit, or
damage without direct repercussions to themselves.”
Naam argues that the solution to most resource problems is to
put a price on them so that market actors pay for the damage they
cause other users of these resources. Surely that is right, but
there is prior step that he largely overlooks: property rights.
Prices in markets are negotiated between owners and buyers; the
overexploitation of rivers, lakes, fisheries, aquifers, forests,
and airsheds occurs chiefly because those resources are unowned.
The United Nations Food and Agriculture Organization estimates, for
example, that a third of the world’s fisheries are overexploited or
crashed already, and more than half are fully exploited now with no
room to grow. Naam points out that the production of capture
fisheries has been hovering around 90 million tons per year for the
past two decades. Aquaculture, by contrast, has gone from producing
14 million tons of fish in 1991 to 63 million in 2011. That’s a
good example of technology and innovation coming to the rescue, but
he could have mentioned that aquaculturists enjoy property rights,
and that capture fisheries can be protected and restored
by giving those fishers property rights as well. Once the fish
are owned, fishers have a strong incentive to protect stocks and
work to increase their numbers.
Another resource problem cited by Naam is the ongoing depletion
of aquifers and streams around the world, chiefly by farmers who
are irrigating their crops. Once again, assigning property rights
can allow a market price to emerge, forcing users to take into
account how they consuming a resource. For example, unitization,
a property right system used to manage oil and gas reservoirs,
could be applied to aquifers. Similarly, riparian rights can be
recognized in rivers and streams. (Another important way to
preserve water resources is for governments to stop
subsidizing irrigation water and pumps.)
Naam believes the biggest commons problem confronting humanity
is global warming, stemming from the fact that burning coal, oil,
and natural gas are loading up the atmosphere with extra carbon
dioxide. He does a good job of examining the evidence that this
could be a significant problem by the end of the century. He
properly fears the crony-capitalist distortions that accompany
proposals to put a price on carbon dioxide emissions through
cap-and-trade
schemes. Instead, he argues for a simple per-ton carbon tax
imposed at the wellhead and the minehead. For the first five years
the tax would be zero, permitting people to begin to make future
adjustments and investments. In year six, it would be set at $10
per ton—about 10 cents per gallon of gasoline, and 0.7 cents per
kilowatt-hour of electricity. The price would rise each year aiming
to reduce emissions by 80 percent by 2050.
Naam sets an eventual ceiling of $100 per ton, equivalent to $1
per gallon of gasoline and 7 cents per kilowatt-hour of
electricity. “Pricing carbon is not a big-government initiative,”
he insists, because all of the revenues would be divvied up equally
and sent back to every American. To level the trade playing field,
tariffs would be adjusted to take account of carbon taxes for both
exports and imports. Assuming that policymakers are going to do
something, Naam’s proposal is the something that
would do the least damage to the economy. Although Naam is likely
underestimating the inventiveness of fossil fuel producers,
setting a price on carbon would speed up the process of weaning
humanity off of fossil fuels and thus allay concerns about reaching
peak
oil.
Naam has confidence that innovators can dramatically improve
solar and wind power, allowing those technologies to deliver the
bulk of energy humanity will be using at the end of the century. He
points out that the cost of photovoltaic modules has dropped by a
factor of 20 since 1980. Nevertheless, he acknowledges that other
energy options will likely be necessary for a transition to
renewables. Consequently, he urges environmentalists to embrace
nuclear power, highlighting the economic and safety advantages of
small modular nuclear reactors. In some designs, the reactors can
be fueled by the nuclear wastes produced by conventional reactors
over the past 50 years, solving both an energy supply problem and a
waste problem simultaneously. He also wants to jettison the
Price-Anderson Act, a law limiting liability for nuclear accidents
to just $12 billion. That will encourage nuclear innovators to come
up with safer designs.
That said, Naam does think government-funded research and
development can help jump-start many of the technologies he
anticipates, especially in energy. I would argue that allocating
property rights to common pool resources, and the market prices
that would thus result, could well be enough to encourage
innovators to develop resource-conserving technologies without
recourse to handouts.
While Attenborough laments that humanity is a plague upon the
earth, Naam asks an intriguing question: “Would your life be better
off if only half as many people had lived before you?” In this
thought experiment, you don’t get to pick which people are never
born. Perhaps there would have been no Newton, Edison, or Pasteur,
no Socrates, Shakespeare, or Jefferson. “Each additional idea is a
gift to the future,” Naam writes. “Each additional idea
producer is a source of wealth for future generations.”
Fewer people means fewer new ideas about how to improve humanity’s
lot. In any case, Naam shows that current demographic trends
suggest that world population will peak below 10 billion before the
end of this century.
“If we fix our economic system and invest in the human capital
of the poor, then we should welcome every new person born as a
source of betterment for our world and all of us on it,” Naam
writes. He makes a persuasive case that human ingenuity will enable
both people and planet to flourish. … Read More
Internet Explorer 10 to run Flash content by default in Metro mode
Starting today, Microsoft says Internet Explorer 10 will enable Adobe Flash content by default while immersive mode is engaged (i.e. “Metro mode” for IE). The change will be delivered via Microsoft's usual round of “Patch Tuesday” updates for both Windows 8 and Windows RT and should be publicly available by… … Read More
All browsers fall at Pwn2Own but Chrome OS survives Pwnium
No browser was left standing at this year's Pwn2Own hacking contest. The latest versions of Microsoft's Internet Explorer, Google's Chrome, and Mozilla's Firefox all succumbed to exploits on day one, with hackers targeting a variety of zero-day vulnerabilities on each browser and Windows to hijack the underlying computer. By the… … Read More
Microsoft fined Â561m for not showing browser ballot on Win7 SP1
The European Commission has fined Microsoft €561 ($730 million) for not complying with a three-year old agreement to give Windows users a selection of alternative browsers. In 2009, Microsoft faced an antitrust case with the EU that suggested the company abused its position by forcing Internet Explorer on Windows customers,… … Read More
A.M. Links: Obama Approval Rating Down Precipitously, White House Tours Canceled, Hugo Chavez Dead
President
Obama’s approval rating is at 43 percent,
down 7 points from two weeks ago, in the Reuters/IPSOS
poll.
Google is now
including information on the national security letters it
receives and how many users they affect (between one and two
thousand last year) in its Transparency Report, despite a gag order
that comes with the letters.
White House tours have been
canceled for the sequester.
Venezuelans in America
cheered the death of Hugo Chavez and are cautiously optimistic
about the country’s future.
The United Kingdom will be
sending body armor and armored vehicles to Syria’s rebels, as
the refugee population
tops a million.
The European Union fined
Microsoft $731 million over Internet Explorer. What is this, the
90s?
Follow Reason 24/7 on ;Twitter!
Follow ;Reason ;on ;Twitter ;too, and like us
on ;Facebook. ;You
can also get the top stories mailed to
you—sign
up here.
Have a news tip? ;Send it to us!
The updated Reason app for ;Apple ;and ;Android ;now
includes ;Reason
24/7! … Read More
