Research links massive cyber spying ring to Russia

A professional espionage group has targeted a variety of Eastern European governments and security organizations with attacks aimed at stealing political and state secrets, security firm FireEye stated in a report released on Tuesday.

The group, dubbed APT28 by the company, has targeted high-level officials in Eastern European countries such as Georgia, and security organizations such as the North Atlantic Treaty Organization (NATO). While Russian and Ukrainian cybercriminal groups are known to conduct massive campaigns aimed at stealing money and financial information, APT28 focuses solely on political information and state secrets, according to FireEye.

The report argues that the group is closely tied to Russia and likely part of Moscow’s intelligence apparatus.

Read 8 remaining paragraphs | Comments

Handling Errors in Modules Caused by Zen Cart 1.5.3’s Change to the mysqli Extension

For the most part, the changes introduced in Zen Cart 1.5.3 have little impact on add-on modules in use, but we have found that one under the hood change is causing some problems. Previous versions of Zen Cart connected to the website’s database using PHP’s MySQL extension, starting with Zen Cart 1.5.3 the connection is instead made using PHP’s MySQL Improved (mysqli) extension. This change was needed at the very least to future proof Zen Cart as the MySQL extension was deprecated in PHP 5.5 and will be removed in a future version. For most modules the change has no impact, either because they don’t interact with the database or because they interact with it though Zen Cart’s database abstraction layer, so they don’t have any direct interaction with the database extension in use. In doing upgrades to Zen Cart 1.5.3 we have found that some modules, including the popular Easy Populate CSV and Super Orders, have direct interaction with the database using the MySQL extension. Because Zen Cart 1.5.3 is no longer using the MySQL extension to connect to the database, errors like the following will be shown when a module tries to utilize MySQL extension based functions:

Warning: mysql_query(): Access denied for user ‘root’@’localhost’ (using password: NO) in [redacted]/orders.php on line 1229 Warning: mysql_query(): A link to the server could not be established in /[redacted]/orders.php on line 1229 Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in [redacted]/orders.php on line 1230

The quick solution to this type of error is to create a MySQL extension based connection for the module’s code to utilize. This can be done by adding the two following lines near the top, but below the line “<?php”, of the file with the error:

mysql_connect(DB_SERVER, DB_SERVER_USERNAME, DB_SERVER_PASSWORD);
mysql_select_db(DB_DATABASE);

The first line makes a connection to the database server listed in your configure.php file and the second will select the database listed in the configure.php.

A more permanent solution would be to modify the module’s code to utilize Zen Cart’s database abstraction layer, if possible.

Taking back privacy in the post-Snowden cloud

Aurich Lawson / Thinkstock

Welcome to Ars UNITE, our week-long virtual conference on the ways that innovation brings unusual pairings together. Today, a look at how everyone involved with the modern cloud is looking to improve its security. Join us this afternoon for a live discussion on the topic with article author Sean Gallagher and his expert guests; your comments and questions are welcome.

When the technology industry embraced “cloud computing” and made it part of our daily lives, we all made a Faustian bargain. They gave us a way to break free from the expense of owning all the hardware, making computing and storage capacity dirt cheap and available on demand. On the other side, we promised not to worry too much about the fine print.

“In the 2000s we had this wild cloud party,” said Peter Eckersley, technology projects director at the Electronic Frontier Foundation. “That party ended—Edward Snowden crashed that party. And we’ve woken up with a massive privacy and security hangover that companies are now trying to shake.”

Read 35 remaining paragraphs | Comments