STE WILLIAMS

Symantec bundles CEO out the door, parachutes in chairman

Analysis Software jack-of-all-trades Symantec has replaced dapper CEO Enrique Salem with board chairman Steve Bennett. Salem, we think, got the bullet for failing to conquer the mobile security market, his handling of the Backup Exec outrage, and his humdrum financial performance.

The company’s profit dipped this quarter, the first financial period of 2013, to $172m, down 9.5 per cent compared with the same three months a year ago. This figure is well down from $559m recorded in the previous quarter, which was bulked up by a payment from Huawei when the telco equipment giant bought out the Huawei-Symantec joint venture.

Revenues in Q1 2013 were up just 1 per cent year-on-year to $1.668bn, the seventh quarter in a row of $1.6 to $1.7bn sales. Salem had been tasked with lifting Symantec out of its revenue doldrums, relatively speaking.

Chart: Symantec’s revenues and profit to Q1 FY2013

The fact that Symantec’s board chairman is taking over indicates that Salem has gone with some haste: there has been no succession plan for this situation, that much is clear. Bennett said in a statement:

Enrique Salem has been a significant contributor during his 19 years associated with Symantec, including the last three years as CEO. While progress has been made over the last three years in many areas, it was the board’s judgment that it was in the best interests of Symantec to make a change in the CEO.

Enrique Salem

Bennett vented the board’s frustration thus: “My view is that Symantec’s assets are strong and yet the company is under-performing against the opportunity. I’m looking forward to working with the team to build upon the significant assets in place to help Symantec accelerate value creation for all of its stakeholders.”

Symantec has a new lead independent director who can make comments on the business inappropriate for a chairman or CEO. That person is Dan Schulman, who said: “The board’s decision to make a leadership change was not based on any particular event or impropriety but was instead made after ongoing consideration and a deliberative process.” Translation: Enrique, we thought long and hard, and we reckon it’s time Symantec backed up to another chief exec – just our little joke, there.

Salem being told, in the circumstances, that he made a significant contribution, but not being thanked, speaks volumes.

Steve Bennett

Bennett joined Symantec’s board in February 2010 after eight years as president and CEO of Intuit. He looks like a permanent rather than a stopgap CEO for Symantec, and said he viewed the job as a three- to five-year task, followed preferably by an internal replacement. He said: “We are making progress on many fronts, but we believe we can further accelerate the company’s value to employees, customers, partners and shareholders.” Not good enough, in other words.

Symantec’s sales in the consumer segment have eroded under competition from increasingly capable freebie gear from the likes of AVG, Avast and Microsoft.

In addition, the firm failed to switch away from its traditional software renewal business or to set the world alight in the storage and system management market.

Less tangibly, Salem came across as a grey bureaucrat, hopelessly outgunned in the battle for big ideas when put against more charismatic figures such as Eugene Kaspersky, and seemingly without the ability to fire up Symantec’s sales team or channels.

As chief operating officer, Salem also earned the ire of Symantec’s distribution network by dissing US resellers behind closed doors.

Chief financial officer James Beer said today: “We saw strength in endpoint protection, consumer security, authentication services, data loss prevention, and backup appliances.”

Here’s the company’s latest results breakdown:

  • Consumer products contributed $521m, 31 per cent of total revenues, and decreased 1 per cent year-on-year.
  • Security and Compliance contributed $501m, 30 per cent of revenues, and increased 7 per cent annually.
  • Storage and Server Management contributed $584m, 35 per cent of revenues, and decreased 2 per cent annually.
  • Services contributed $62m, 4 per cent of revenues, and declined 2 per cent annually.

Revenues from the Clearwell and Live Office acquisitions generated $24m.

In the earnings call Bennett admitted that the Backup Exec product faced challenges – a major update upset a lot of people. He said Symantec will work to get it back on track.

Bennett will undertake a 90 to 120-day tour of the company to chat to employees. He’ll probably make some short-term decisions but couldn’t say or wouldn’t say what they are right now. He seemed particularly keen on a Symantec eCommerce engine, though. Positioning Symantec as the mobile security market leader is a priority for him.

He also said Symantec generates more cash than it needs to run day-to-day and make any desired acquisitions – so he’ll help decide how to return any excess cash to shareholders, implying share re-purchases and/or dividends.

Asked if Symantec should be restructured and possibly broken up he said: “I start with a clean sheet of paper. The most important thing is strategy, and structure follows strategy. … I believe our assets are better than our performance and I need to understand what’s in the way.”

The estimated revenue for the next quarter lies between $1.635bn and $1.665bn, a decline of between 1 and 3 per cent year-on-year – more of the same, as it will be too soon for any new Bennett broom to have an effect. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/25/symantec_ceo_change/

Japanese govt sucked dry for TWO YEARS by Trojan

The Japanese government has uncovered an advanced Trojan attack which may have lain undiscovered on its networks leaking confidential data for over two years.

The Finance Ministry told the local Kyodo news service that the first infection came in January 2010, with the most recent taking place in November 2011, after which the attacks apparently stopped.

However, the infections were only discovered last week as part of an on-going security audit of the ministry’s IT systems begun by a contracted firm in May.

So far, 2,000 machines have been checked and a disconcertingly high number – 123 – were found to be infected by the Trojan, the report said.

The government is trying to play down the incident by claiming that confidential information such as taxpayers’ details has not been leaked, and that the infected computers belonged mainly to junior staff, although the malware may have accessed documents related to ministry meetings.

The report references the hacktivist collective Anonymous, which last month launched denial of service attacks and web defacements against several government and political sites including the Finance Ministry, although this Trojan attack at first sight does not quite fit the group’s MO.

The Trojan apparently evaded the anti-virus software installed on the government PCs and lay undetected for a long period of time – hallmarks of a more sophisticated advanced persistent threat-style attack.

The ministry has yet to identify exactly how the PCs became infected and has replaced the hard disks on all affected computers, the report said.

Last October, a Trojan attack on the machines of several Japanese lawmakers was uncovered.

The data-stealing malware arrived as a dodgy attachment and caused hijacked machines to communicate with a server located in China. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/25/japan_finance_ministry_trojan_attack/

Anonymous to release 40GB of Oz ISP data

Anonymous is preparing to reveal 40GB of data its members say came from an Australian internet service provider (ISP) and contains “600k+” of customer data.

The Reg understands a “sample leak” will be released later today and that the organisation will take care to protect individuals’ personal details.

The activist collective yesterday took credit for a series of defacements of Queensland government websites and has since contacted other media outlets, telling them that it intends to release customer data from an Australian ISP.

The @Op_australia Twitter feed recently promised it is “almost there” on “something big”. Comments on an Anonymous-aligned IRC channel mentioned 600,000 customers and referred to the sample leak.

The 600,000 figure means the data almost certainly comes from one of Australia’s largest ISPs. Telstra and Optus are both known to have millions of subscribers, while iiNet has stated it has 1.3 million.

Among smaller ISPs, TPG’s most recent half-year report says it has 567,000 subscribers, placing it ahead of the likes of Exetel, Adam Internet and Netspace. iPrimus is probably also below the 600,000-customer threshold, making it likely that Anonymous will embarrass Telstra, Optus or iiNet … with TPG also a chance of hitting the headlines for all the wrong reasons. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/25/anonymous_isp_data/

India crowned global spam-spewing zombie king AGAIN

India has cemented its position as the world’s biggest fire hose of spam email, according to new figures.

Hacked computers in the republic working on behalf of crooks spewed more than one in ten of the globe’s spam mails in the last quarter, reported web security firm Sophos.

India is home to 5.3 per cent of the world’s internet users, but it plays an oversized role in the global junk mail epidemic. Apparently, lax security leaves the country’s PCs prone to viruses, which press-gang machines into remote-controlled zombie armies to do the bidding of criminals – such as flooding inboxes with dodgy advertising spam.

Asian countries disgorged 49.7 per cent of the world’s junk email last quarter, compared with 8.6 per cent of spam fired off from North America, according to the stats from Sophos. The security biz also pegged China in eighth place this time around; it’s believed the huge authoritarian state’s Great Firewall, and the fact that citizens need a licence to run an email server in the nation, play a part in limiting .cn-sourced spam.

Greater availability of internet access in Asia is continuing to fuel the increase in spam from that continent. Only a year ago the US topped Sophos’s Dirty Dozen list of spam-relaying countries, but these figures have been turned on their head: India has topped the list of shame for the past two quarters.

The actual content of spam messages has remained largely unchanged, and the identities of the gangs commanding the zombie botnets remain unknown.

“The spam itself, of course, doesn’t have to promote Indian goods,” commented Graham Cluley, senior technology consultant at Sophos. “Chances are that most of the spammers who are relaying their messages through compromised Indian computers are not based in the country at all – and just taking advantage of zombie computers that have been unwittingly recruited into a botnet.” ®

Top 12 spam-relaying countries for April to June 2012, according to Sophos

  1. India: 11.4 per cent
  2. Italy: 7.0 per cent
  3. S Korea: 6.7 per cent
  4. USA: 6.2 per cent
  5. Vietnam: 5.8 per cent
  6. Brazil: 4.4 per cent
  7. Pakistan: 3.7 per cent
  8. China: 3.2 per cent
  9. France: 3.1 per cent
  10. Russia: 2.9 per cent
  11. Poland: 2.7 per cent
  12. Taiwan: 2.6 per cent

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/25/spam_relay_villains/

Black Hat draws world hacking gang – and Apple – to Sin City

Black Hat 2012 The 2012 Black Hat conference is kicking off in Las Vegas, and this year’s session will see Apple presenting for the first time, as well as a reunion of some of the team behind the first briefings 15 years ago.

Black Hat, and the associated DefCon sessions which follow it, is probably the largest collection of hardcore computer security experts on the planet, and features the latest updates on hacking opportunities and serious vulnerabilities. Nearly 10,000 people are expected to attend and share or use the knowledge gleaned to protect – or crack – systems.

While Apple has had security staff among the attendees for many years, the company has never actually made a presentation until this year. The recent spate of attacks on its products, however, appears to have engendered a new awareness that it can’t go it alone – and so the delightfully named Dallas De Atley, manager of the platform security team at Apple, will deliver a talk on iOS security.

Microsoft recognized the importance of Black Hat relatively early, and has been sending staff since the late 1990s, although Redmond’s problems with security make Apple’s recent public failings look like a mere flea bite by comparison. A session on Windows 8 vulnerabilities is scheduled that should prove both enlightening and worrying for Redmond – given we’re getting close to the launch of the new OS.

There’s also a reunion of some of the first Black Hat attendees. Jeff Moss, who started the conference before selling it, will join a panel with security guru Bruce Schneier, Adam Shostack, Marcus Ranum, and Jennifer Granick. The talk, entitled “Smashing the future for fun and profit”, will look at how things have developed in the last decade and a half, as well as considering what the next hot targets will be.

Another regular, Dan Kaminsky, will also be addressing the crowds on the latest naughtiness he’s proved possible. Kaminsky, who was instrumental in proving the need for and implementing DNSSEC as well as fixing SSL, is fast becoming one of the regulars at the show after deciding to go totally legitimate because, as he told us in 2010, he “didn’t want his mother to have to visit him in prison.”

While Black Hat is always informative, it also engenders a certain level of risk. Already someone has sent out a bogus password reset email to some attendees, and cracking the organizers is something many of the more mischievous attendees try – and anyone attending the show, including your Reg reporter, is considered fair game.

This year the organizers have warned attendees to avoid using Wi-Fi or other radio connections in the conference venue, steer clear of ATMs (after a bogus one was set up near the venue in 2009), shield RFID-equipped cards and passports, and advise that all passwords be changed after the show.

“Wear a tinfoil hat,” the advisory email states. “OK, kidding about this one … although I do see one every show.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/25/black_hat_introduction/

Google asks YouTube commenters to stand up and be counted

Google has altered the comments system on YouTube to encourage those who wish to share their views to step up and identify themselves.

Under the new system anyone trying to leave a comment on YouTube will be asked if they would like to identify themselves using a Google+ account. It’s not compulsory, but those that decline this option are shown a new page asking why they chose to remain behind a cloak of anonymity.

YouTube comment page: sadly no “Because I’m an immature coward” option

There’s also an option to backdate the identification option to past posts, but this can be applied selectively if you don’t want to assign your name to that drunken comment about President Obama’s birthplace.

Having commentators identify themselves should make them think a little bit more about what they write, but the changes are unlikely to bring about any serious cleanup of the site’s commentary zone, since it’s not compulsory. That said, the new query pages could get annoying enough after a while to encourage the flamers to move on.

YouTube has long been recognized as having one of the noisiest and most rambunctious user commentary areas, where politeness is a collection of syllables and Godwin’s Law just a suggestion. Internet court jester Randall Munroe even suggested an elegant application fix for the YouTube commentard problem. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/24/google_youtube_comments/

Home Secretary to decide on McKinnon extradition by October

The UK Home Secretary is due to decide by mid-October whether or not to order Gary McKinnon’s extradition to the US, a hearing at the High Court heard on Tuesday.

The hearing followed a decision by McKinnon and his legal team to decline to undergo a Home Office medical test by a doctor, Professor Thomas Fahy, whom McKinnon’s legal team said lacked specialist skill in assessing the mental state of people with Asperger’s. Experts in autism, including Doctor Jan Vermeulen who carried out a face-to-face assessment of McKinnon, have warned that McKinnon is at severe risk of committing suicide if faced with the prospect of a US trial on computer hacking charges.

An assessment of his suicide risk will be a key factor in the deliberations of Home Secretary Theresa May.

McKinnon, 46, admits hacking into US military and NASA computers during 2001 and 2002 with the aim of hunting for suppressed evidence about UFOs. But he denies causing damage and has consistently sought a trial in the UK since extradition proceedings began in late 2005, three years after his arrest by UK police.

His case was the topic of unsuccessful appeals that went all the way up to the House of Lords and the European Court of Human Rights before McKinnon was diagnosed with Asperger’s Syndrome, in August 2008. Labour Home Secretary Alan Johnson allowed McKinnon’s extradition despite medical evidence but extradition was later blocked pending a judicial review. This review was adjourned after the UK’s incoming Home Secretary, Theresa May, decided to re-examine the medical evidence back in May 2010.

Last week a Home Office spokesman said May was close to making a decision. “The Home Secretary will make a decision as soon as possible: this is a complex case, in a complex area of the law, and a large amount of material has been submitted, some of it relatively recently,” he said.

McKinnon’s case for trial in the UK has been supported by numerous public figures including Sting, David Gilmour, Stephen Fry, Terry Waite, Tony Benn, and numerous politicians of all hues. The issue has spawned debate in Parliament and reviews of the extradition laws between the US and UK, which critics argue are one-sided and unfair. Efforts to come to a diplomatic agreement about the case have been fruitless.

May’s decision in October is unlikely to be the last word on the case, if past form is any guide. And a further judicial review is more than likely if this review goes against McKinnon. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/24/mckinnon_extradition_review/

Months later, Gamigo hacker takes dozy dump, exposes 8 million

More than eight million email addresses, usernames and password hashes from German gaming website Gamigo have been dumped online, months after the site was hacked.

A 500MB file containing 8.2 million Gamigo user login credentials was uploaded and publicised via a post to password-cracking forum Inside Pro, according to the data breach alert service PwnedList. The file was pulled last week but the damage may already have been done.

The gaming site has been around since 2001, and focuses on free-to-play massively multiplayer online role-playing games, offering about 20 games which are published all across Europe and “since 2010, also in North America”, according to its website. Some of its more popular titles include the Civilization-esque Cultures Online and battle epic Last Chaos.

Tim “TK” Keanini, chief technology officer at network security firm nCircle and avid online gamer, said Gamigo made the mistake of storing passwords with a weak hashing algorithm, MD5, leaving passwords open to brute-force attacks.

“Gamigo is the new poster child for bad password security for two reasons: this is the largest leak this year in terms of number of hashes, and they used MD5 Digest, a very weak encryption algorithm,” Keanini said. “MD5 has been known to be ineffective since 1996. There’s no excuse for using encryption this weak; it’s just bad security.

“For all practical purposes, MD5 is almost as bad as storing passwords in clear text. Given rainbow tables and other crypto-analysis techniques, breaking this encryption is child’s play. This should never be an option for password encryption,” he added.
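The two remarks above amount to a concrete engineering point: an unsalted MD5 of a password can be reversed with a single lookup into a table computed once and reused against every site and every user, and equal hashes reveal which users share a password. The following added example (not Gamigo’s code and not from the article) shows both effects against a constructed password list and a constructed three-user leak, then shows the standard-library alternative a site should have used: a random 16-byte salt per user and a deliberately slow, memory-hard KDF (scrypt via `hashlib.scrypt`), verified in constant time. The user names, password list and scrypt parameters are assumptions chosen for the demonstration.

```python
"""Unsalted MD5 versus a salted, slow password hash.

Added example (not Gamigo's code and not from the article). The password
list, user records and hashes below are constructed for the demonstration.
Only the Python standard library is used (hashlib.scrypt needs Python 3.6+
built against OpenSSL 1.1 or later).
"""
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# --- The weak scheme the article describes: unsalted MD5 ---------------------

def md5_store(password: str) -> str:
    """Store a password as hex(MD5(password)): no salt, no work factor."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

# Constructed stand-in for a real-world password dictionary.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "dragon"]

# Precomputation: hash -> password. A rainbow table is a space-compressed form
# of the same idea; the point is that the work is done once and then serves
# every user of every site that stores unsalted MD5.
PRECOMPUTED = {md5_store(p): p for p in COMMON_PASSWORDS}

def reverse_unsalted_md5(stored_hash: str) -> Optional[str]:
    """Recover a password from its unsalted MD5 with one table lookup."""
    return PRECOMPUTED.get(stored_hash)

def users_sharing_password(records: Dict[str, str]) -> Dict[str, List[str]]:
    """Group users by stored hash. With unsalted MD5, equal hashes mean equal
    passwords, so the leak also reveals who shares a password with whom."""
    groups: Dict[str, List[str]] = {}
    for user, h in records.items():
        groups.setdefault(h, []).append(user)
    return {h: users for h, users in groups.items() if len(users) > 1}

# --- What to use instead: per-user random salt + memory-hard, slow KDF -------

SCRYPT_PARAMS = dict(n=2 ** 14, r=8, p=1)  # assumed cost; raise n over time

def scrypt_store(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'scrypt$<salt hex>$<key hex>'. A fresh salt per user means no
    table can be precomputed, and scrypt's cost makes every guess expensive
    even when the salt is known."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                         dklen=32, **SCRYPT_PARAMS)
    return "scrypt$%s$%s" % (salt.hex(), key.hex())

def scrypt_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        scheme, salt_hex, key_hex = stored.split("$")
    except ValueError:
        return False
    if scheme != "scrypt":
        return False
    key = hashlib.scrypt(password.encode("utf-8"), salt=bytes.fromhex(salt_hex),
                         dklen=32, **SCRYPT_PARAMS)
    return hmac.compare_digest(key, bytes.fromhex(key_hex))

if __name__ == "__main__":
    # Constructed leak: three users, two of whom chose the same weak password.
    leak = {"alice": md5_store("letmein"), "bob": md5_store("letmein"),
            "carol": md5_store("correct horse battery staple")}
    for user, h in leak.items():
        print(user, h, "->", reverse_unsalted_md5(h) or "(not in table)")
    print("users sharing a password:", users_sharing_password(leak))
    a, b = scrypt_store("letmein"), scrypt_store("letmein")
    print("same password, different stored records:", a != b)
    print("verify correct:", scrypt_verify("letmein", a),
          "verify wrong:", scrypt_verify("wrong", a))
```

Run as a script it prints the reversal of the two dictionary passwords, the pair of users sharing one, and then shows that the same password stored twice with scrypt yields two different records that both verify. The `hmac.compare_digest` call is there so that verification time does not leak how many leading bytes of a guess matched.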

Gamigo, which is owned by German publishing firm Axel Springer AG, applied a password reset after it told users about a password security breach that took place in late February. The danger remains that since the weak password hashes were exposed, many users are likely to have used their Gamigo password credentials on other more sensitive websites, such as webmail or e-banking.

The spilled data included 3 million US accounts, 2.4 million German accounts, and 1.3 million French accounts. Although the hacker who uploaded the password data claimed to have credentials from 11 million user accounts, the list contained a substantial proportion of duplicate email addresses, so 8.2 million is a more accurate figure, Forbes reports.

It’s unclear why the person who uploaded the list waited so long to spill the goodies after the original breach. It may be that the hacker and the dumper are two different individuals, and the dumper only recently came into possession of the leaked data, but this is only one of several possible explanations.

The original breach was pulled off by a hacker using the moniker 8in4ry_Munch3r, while the notice of the upload was posted to Inside Pro by “-=lebed=-”, ZDNet’s ZeroDay blog notes.

The security snafu joins the growing list of password security breaches this year from organisations including LinkedIn, eHarmony, Last.fm, Yahoo! Voices, Formspring, and Nvidia, among many others. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/24/gamigo_password_breach/

Anonymous hits Australia

People operating under the name “Anonymous” claim to have defaced several websites in the Australian state of Queensland, in protest against draft Australian policies on data retention.

The Twitter handle @Op_Australia makes the claim in this tweet. A webchat channel at anonops.com named opAustralia, referenced in other tweets, is active, and offers a link to a newswire story about the government’s proposed data retention policies. Those policies would see the government able to store and access up to two years’ worth of data about individuals and businesses, and enjoy easier access to social networks without user consent, in the name of national security.

Anonymous has claimed responsibility for the defacements in an email sent to News.com.au, which reports the attack was timed to coincide with the appearance of Prime Minister Julia Gillard in a Google+ Hangout. A Facebook page named Anonymous Australia links to that story and lists the websites the group says it defaced.

None of the websites Anonymous says it has defaced were still damaged at the time of writing, but createitmakeitliveit.qld.gov.au/ and smartawards.qld.gov.au/ each returned a redirect loop error and would not load.

It is of course hard to know if the defacements, Twitter account and webchat channel mentioned above really are run by Anonymous, because, as Wired recently detailed, various individuals and groups have donned the Guy Fawkes mask at different times.

What is certain, however, is that Australians aren’t happy with their government’s policies regarding internet freedom. A proposed Internet filter, ostensibly aimed at preventing child pornography reaching the island nation, drew wide protests before the 2010 election and an attack from Anonymous.

The filter is now in legislative limbo, and has not been put before the Parliament for some time. The new data retention proposals have also been widely criticised. The Federal government’s response to that criticism has been to point out that the proposals are only drafts and that the public has a chance to comment on them before the August 6th conclusion of a consultation process. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/24/anonymous_hits_australia/

UK.gov warned: Halt exports of spyware to brutal regimes

The grubby practice of allowing UK-stamped surveillance tech to be shipped to brutal regimes could land the British government in court to answer allegations of aiding human rights breaches.

London-based NGO Privacy International has repeatedly asked the UK to exercise existing powers under the Exports Control Act 2002 to help put a stop to commercialised made-in-Britain spook spyware being used to facilitate social and political repression.

But PI said today that its polite requests had so far been ignored. As a result, the organisation’s lawyer has written a letter to Secretary of State for Business, Innovation and Skills (BIS) Vince Cable demanding action from the government.

“Privacy International has given the government 21 days to respond,” the NGO said.

“If the government has failed to act by the time this deadline expires, Privacy International will file for judicial review and if appropriate seek an urgent injunction preventing British companies from maintaining and updating systems already previously sold to repressive regimes, and stopping any new exports in their tracks.”

The Register asked Cable’s office to respond to this story, but no one at the BIS had got back to us at time of publication.

It’s likely, however, that PI’s demands for a “substantive response” will be brushed aside, which means the matter could end up in court.

The charity’s head of research, Eric King, said:

British companies have been peddling their wares to repressive regimes for years now. Publicly condemning the abuses of dictators like al-Assad while turning a blind eye to the fact that British technologies may be facilitating these abuses is the worst kind of hypocrisy. The government must stop exports of British surveillance technologies to despotic regimes before more harm is done.

A six-month PI investigation concluded late last year, exclusively covered by El Reg, showed how the practice of selling, installing and managing surveillance tech and comms control kit for vicious regimes had turned into a lucrative market.

The probe revealed some 150 international companies were now trading in that nascent sector. The majority of those outfits either did not exist 10 years ago, or else punted other products besides electronic snooping tools. PI estimated that the industry now commands a global price tag of around £3bn each year. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/24/privacy_international_legal_action/