mattbatchelor

Likewise! Its a bloody joke! Did you see the Iphone 4s issues (IOS5) another cockup on apples behalf!

Looks cool. Reminds me of those flying things in the terminator films. Perhaps they can develop it to then try to move around the object?

Now, with the release of iOS 5.0.1 beta, we've discovered that one of the new security fixes is a fix for this Smart Cover bug. It appears that Apple has fixed the issue by not allowing the iPad 2 to go to sleep by way of the Smart Cover closing while on the power off menu. iOS 5.0.1 should make its way onto everyone's iOS 5 devices in a few weeks." So it goes.

Attackers used an off-the-shelf Trojan horse to sniff out secrets from nearly 50 companies, many of them in the chemical and defense industries, Symantec researchers said today.

The attack campaign -- which Symantec tagged as "Nitro" -- started no later than last July and continued until mid-September, targeting an unknown number of companies and infecting at least 48 firms with the "Poison Ivy" remote-access Trojan (RAT).

Poison Ivy, which was created by a Chinese hacker, is widely available on the Internet, including from a dedicated website .

The malware has been implicated in numerous attacks, including the March campaign that hacked the network of RSA Security and swiped information about that company's SecurID authentication token technology.

In a paper published today ( download PDF ), Symantec researchers spelled out their analysis of the Nitro attacks and the use of Poison Ivy.

"Nitro wasn't at the level of sophistication of a Stuxnet ," said Jeff Wilhelm, a senior researcher with Symantec's security response, in an interview today. "But there are similarities with other advanced threats."

Among those common traits, said Wilhelm, was the attack's narrow focus.

Poison Ivy was planted on Windows PCs whose owners fell for a dodge delivered via email, said Symantec. Those emails, which were delivered in small numbers -- sometimes to only a few people in a company -- touted meeting requests from reputable business partners, or in some cases, as updates to antivirus software or for Adobe Flash Player.

When users fell for the trick and opened the message attachment, they unknowingly installed Poison Ivy on their machines. After that, the attackers were able to issue instructions to the compromised computers, troll for higher-level passwords to gain access to servers hosting confidential information, and eventually offload the stolen content to hacker-controlled systems.

Many of the same techniques, including substantial time spent scouting targets and crafting individual emails, have characterized a number of notable attacks in the last two years, including the 2009-2010 "Aurora" campaign against Google and dozens of other Western firms, and the attacks against RSA this year.

Wilhelm declined to connect the dots between Nitro and the RSA attack, but did admit that there were similarities.

Twenty-nine of the 48 firms that were successfully attacked were in the chemical and advanced materials trade -- some of the latter with connections to military vehicles -- while the other 19 were in a variety of fields, including the defense sector.

A dozen of the targeted organizations were U.S.-based, said Symantec, while five were headquartered in the U.K. and others in Denmark, Italy, the Netherlands and Japan.

Symantec declined to comment on whether the sole Japanese firm was Mitsubishi Heavy, that country's largest defense contractor. Last month, Mitsubishi confirmed that scores of its servers had been infected with malware in August , a time right in the middle of the Nitro two-and-a-half-month run.

Last week, Mitsubishi Heavy said that secret information may have been stolen from its network during the attack.

Mitsubishi has not identified the attack's origin, or the malware that was placed on its servers and PCs.

China has denied that its government was involved in the attacks against Mitsubishi.

Symantec drew a second connection to China -- the first being Poison Ivy itself -- during its Nitro investigation, saying that it had contacted an individual who owned one of the command-and-control (C&C) servers.

That person, which Symantec named "Covert Grove," was located in the Hebei region of the People's Republic of China. Hebei is a province in northern China, and surrounds the capital, Beijing.

But the information Symantec had on the Nitro attacks was of little use in determining whether Covert Groove acted alone, or if he did, whether he was fronting for a hacking group or even a national government.

"We were able to trace this back to this individual, which is unusual," said Wilhelm. "But we just don't know whether he is the sole hacker."

And Wilhelm was hesitant to draw conclusions about the motivation for the attacks. "It could have been corporate espionage, or it could be anything," he said.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer , on Google+ or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@computerworld.com .

See more articles by Gregg Keizer .

Read more about security in Computerworld's Security Topic Center.

Juniper Networks' suite of mobile security and device management tools is coming to three Samsung Electronics devices, marking the first time the company has provided its SSL VPN software for Google's Android OS.

Juniper is making its Junos Pulse and Junos Pulse Mobile Security Suite software available for the Galaxy Tab 10.1 and Galaxy Note tablets and the Galaxy SII smartphone, the companies said Monday. The Galaxy Tab 10.1 and Galaxy SII are available now, and the Galaxy Note was introduced in Europe on Monday and is coming later to the U.S.

Juniper's client software can be downloaded free of charge, and the back end to control it is a SaaS (software-as-a-service) offering that is expected to come from service providers as well as from Juniper.

Junos Pulse can be used to set up an SSL VPN (Secure Sockets Layer virtual private network) for secure access to corporate applications and content from mobile devices. Juniper claims it is the first SSL VPN system that has been offered for Android. Junos Pulse Mobile Security Suite incorporates several other features for managing enterprise mobile platforms, including antivirus and anti-malware, Internet address filtering, and remote wiping of data from a lost or stolen client. Junos Pulse and the suite are already available for Apple's iOS and for BlackBerries.

As it brings the software suite to Android, beginning with the Samsung phone and tablets, Juniper is adding the capability for the IT department to remotely remove any app from an employee's personal or company-issued device. IT staff will also be able to revoke access to an enterprise-issued app if the employee is no longer qualified to use it. Apps can be removed or revoked without any involvement by the user, said Gajraj Singh, director of product marketing for the Junos Pulse business unit.

As consumers start to use their own mobile devices for business functions, enterprises are increasingly concerned about how those devices may affect the security and performance of corporate data and applications. There are a variety of solutions to this problem now emerging, including software "sandboxes" for enterprise applications and virtualization of the devices into separate systems for personal and work uses.

By extending its Junos Pulse suite to more mobile platforms, Juniper is helping to tackle the problem of enterprises having to use many different tools to support the various mobile OSes their employees use, said analyst Bob Egan of Sepharim Group. Sybase, MobileIron and Mocana are other players trying to fill this space, he said. Between BlackBerry, iOS, mobile Windows systems and several versions of Android, as well as downloaded apps that may affect how the employee's phone or tablet performs, support personnel have many variables to consider when helping employees who bring their own devices, he said.

IT departments would like to have one tool to manage all mobile devices, which would lower support costs and help to ensure security, Egan said. But Juniper's move Monday is just one step in that direction, partly because there are so many versions of Android. "I don't see that unifying front happening any time soon," Egan said.

Egan said Juniper's new remove-and-revoke feature is just what many enterprises are looking for. He expects this type of capability to be a requirement in highly regulated industries such as financial services and health care within a year. It's needed because many consumer mobile apps can "leak" sensitive enterprise information such as location and contact data, and because enterprises want to make sure their employees have the correct and current version of any business app, he said.

Juniper is offering the SaaS products to service providers that can package and resell them to small, medium and large business subscribers. The company is also selling the services directly to large enterprises, where IT can use a Web-based interface to operate them, Singh said. A typical one-year software license for a company with 1,000 employees has a list price of US$70 per user, Singh said.

Stephen Lawson covers mobile, storage and networking technologies for The IDG News Service. Follow Stephen on Twitter at @sdlawsonmedia. Stephen's e-mail address is stephen_lawson@idg.com