Higgs Boson May Be Indicated in New Data

Image: The main ring of the Tevatron accelerator at the Fermi National Accelerator Laboratory.

After 40 years, more evidence is being reported Wednesday that the end of the biggest manhunt in the history of physics might finally be in sight.

Physicists from the Fermi National Accelerator Laboratory in Batavia, Ill., say they have found a bump in their data that might be the long-sought Higgs boson, a hypothesized particle that is responsible for endowing other elementary particles with mass.

The signal, in data collected over the last several years at Fermilab’s Tevatron accelerator, agrees roughly with results announced last December from two independent experimental groups working at the Large Hadron Collider at CERN, the European Organization for Nuclear Research, outside Geneva.

“Based on the current Tevatron data and results compiled through December 2011 by other experiments, this is the strongest hint of the existence of a Higgs boson,” said the report, which will be presented on Wednesday by Wade Fisher of Michigan State University to a physics conference in La Thuile, Italy.

None of these results, either singly or collectively, are strong enough for scientists to claim victory. But the recent run of reports has encouraged them to think that the elusive particle, which is the key to mass and diversity in the universe, is within sight, perhaps as soon as this summer.

Beate Heinemann, a professor at the University of California, Berkeley, who has been deeply involved in analyzing data from the Large Hadron Collider, said recently of the CERN results, “This very much smells like the Higgs boson.” But, she noted, the signal could also go away when more data is obtained. …

via Higgs Boson May Be Indicated in New Data – NYTimes.com.

Solar Flare Would Rupture Earth’s “Cyber Cocoon”

…  To begin with, the University of Colorado’s Baker said, electrical disturbances as strong as those that took down telegraph machines—”the Internet of the era”—would be far more disruptive. …

CME, a slower moving cloud of charged particles that can take several days to reach Earth’s atmosphere. When a CME hits, the solar particles can interact with Earth’s magnetic field to produce powerful electromagnetic fluctuations….

“We live in a cyber cocoon enveloping the Earth,” Baker said. “Imagine what the consequences might be.”

Of particular concern are disruptions to global positioning systems (GPS), which have become ubiquitous in cell phones, airplanes, and automobiles, Baker said. A $13 billion business in 2003, the GPS industry is predicted to grow to nearly $1 trillion by 2017.

In addition, Baker said, satellite communications—also essential to many daily activities—would be at risk from solar storms.

“Every time you purchase a gallon of gas with your credit card, that’s a satellite transaction,” he said.

But the big fear is what might happen to the electrical grid, since power surges caused by solar particles could blow out giant transformers. Such transformers can take a long time to replace, especially if hundreds are destroyed at once, said Baker, who is a co-author of a National Research Council report on solar-storm risks.

The U.S. Air Force Research Laboratory’s Cliver agrees: “They don’t have a lot of these on the shelf,” he said.

The eastern half of the U.S. is particularly vulnerable, because the power infrastructure is highly interconnected, so failures could easily cascade like chains of dominoes.

“Imagine large cities without power for a week, a month, or a year,” Baker said. “The losses could be $1 to $2 trillion, and the effects could be felt for years.”

Even if the latest solar maximum doesn’t bring a Carrington-level event, smaller storms have been known to affect power and communications.

The “Halloween storms” of 2003, for instance, interfered with satellite communications, produced a brief power outage in Sweden, and lighted up the skies with ghostly auroras as far south as Florida and Texas. …

via Solar Flare: What If Biggest Known Sun Storm Hit Today?.

Just a reminder to have plenty of food and water on hand, at least a month’s worth. Are you prepared?

IBM’ ‘Holey’ Chip’s Speed: 500 high def movies per second

Techie types years ago started using the prefix mega–for millions of bits or bytes of data–and got even more excited when they could adopt giga, for billions. Now IBM wants to apply the term tera to communications.

The computer maker on Thursday is disclosing a prototype set of chips that it believes is the first to reach a terabit–delivering a trillion bits of data per second. That’s the equivalent of downloading 500 high-definition movies, and is roughly eight times the capacity of comparable chip sets now on the market, Big Blue says.

IBM’s innovation is not about the speed of any particular stream of data, but the number of streams available at the same time–like adding more lanes on the freeway can get more cars from Point A to Point B in a given amount of time. That improvement in bandwidth appeals to companies that make servers and need to connect them together, in hopes of speeding applications like sending videos to more Internet users at a higher speed.

The research effort is based on optical technology, which uses laser pulses to send data. In this case, the experimental IBM chip has 24 channels to receive data and 24 channels to transmit it, each handling data at speeds of 20 gigabits per second. The miniaturization effort required IBM researchers to create 48 holes in the transceiver chip, which is soldered together with lasers and other components in a package that the company dubs a “holey optochip.”

Besides raw speed, computer companies like IBM are concerned with space and power efficiency. The transceiver chip measures only 5.2 millimeters by 5.8 millimeters–about one-eighth the area of a dime–and draws 4.5 watts, a modest amount compared with other comparable components, IBM says.

“We were very constrained here,” says Clint Schow, who manages the IBM research team that worked on the effort. “We had to have a huge amount of bandwidth in a very small area.”

Exactly how, and when, the development might find its way into commercial products is not clear. IBM doesn’t sell such components, so would be inclined to hunt for partners to help commercialize the technology, Schow says. …

via IBM Wholly Excited About ‘Holey’ Chip’s Speed – Digits – WSJ.

Alien programming language used in Duqu Trojan

Malware experts from Kaspersky Lab have asked the programming community for help identifying the programming language, compiler or framework that was used to write an important part of the Duqu Trojan, in the hope that it could reveal clues about who created it or why.

“When we checked Duqu it looked totally unknown and that was very curious, because it’s unclear why something very custom was developed and used,” said Vitaly Kamluk, chief malware expert with Kaspersky Lab’s global research & analysis team.

Understanding how a piece of malware was created can offer clues about where to look for it next or the level of resources required for its development, the security expert said.

Some parts of the Duqu payload DLL, the component responsible for interacting with the command and control servers, downloading and executing additional modules, and performing other tasks, were written in standard C++, but a big chunk of it was not.

“This slice is different from others, because it was not compiled from C++ sources. It contains no references to any standard or user-written C++ functions, but is definitely object-oriented,” said Kaspersky Lab expert Igor Soumenkov in a blog post that describes the particularities of the unfamiliar code.

Kaspersky researchers refer to this portion of the Trojan as “The Duqu Framework” and believe that it might have been created by a different programming team. The unusual code is also particular to Duqu and doesn’t exist in Stuxnet, unlike some other parts that were directly borrowed from the infamous industrial sabotage malware.

“The mysterious programming language is definitively NOT C++, Objective C, Java, Python, Ada, Lua and many other languages we have checked,” Soumenkov said, adding that Kaspersky’s research team has spent countless hours analyzing the code.

The company’s researchers even discussed it with third-party experts, but didn’t get any closer to solving the mystery. “It looks absolutely alien,” Kamluk said.

Finally, Kaspersky Lab appealed to the entire programming community in the hope that someone might recognize the code constructions and figure out what was framework, toolkit or language was used.

The company has received various suggestions in comments on its blog, that range from F, D, Iron Python, High-Level Assembly, Common LISP, Forth, Erlang, Vala, to more exotic tools like RoseRT, which one user claims was used in secure government projects.

“It took us several weeks to check commonly used programming languages and various compilers,” Kamluk said. “So, I guess it may also take some time to check other suggestions.”

via Researchers can’t identify programming language used in Duqu, ask for help.

Duqu authors sprinkle humor in dangerous code

… For all of the concern around Duqu, the most discussed piece of malicious software since Stuxnet, the latest analysis of its code shows its writers have a sense of humor.

Wrapped in the code used to infect computers is an “Easter egg,” or a hidden message. Easter eggs have long been inserted in computer code, often seen only by those who enjoy browsing computer code.

Duqu’s exploit, the code used to take advantage of a software vulnerability, contained the line: “Copyright (c) 2003 Showtime Inc. All rights reserved. DexterRegularDexter.”

The reference to the television show “Dexter” is meant as a joke. The shellcode of the exploit is contained in an embedded font called “DexterRegularDexter,” which is processed by Windows’ Win32k TrueType font parsing engine, wrote Aleks Gostev, a senior analyst with the Global Research and Analysis Team for Kaspersky Lab.

“This is another prank pulled by the Duqu authors,” he wrote.

There actually is no font called Dexter, though, and it is just a name the malware authors assigned to the file, said Costin Raiu, director of Kaspersky’s Global Research and Analysis Team.

Kaspersky and many other computer security companies have been analyzing Duqu since it surfaced. Duqu shares some similarities with Stuxnet, the malware believed to have been created with the intention of disrupting Iran’s nuclear program by tampering with centrifuges used to enrich uranium. But experts remain uncertain if there is a connection between the developers of the two pieces of malware.

Gostev’s latest write up is an analysis of a version of Duqu that came from Sudan’s CERT (Computer Emergency Response Team), which had a sample of Duqu from an unnamed organization that was infected.

Victims are infected by an exploit delivered via a tampered Microsoft Word document, which, if opened, delivers Duqu. Gostev’s post includes a screenshot of the simple email purporting to come from a marketing manager, “Mr. B. Jason,” requesting that the receiver open a Word document and answer a few questions such as “Do you supply marine shipping?”

Other clues in the code have indicated that Duqu could be as much as 4 years old. A driver loaded by Duqu’s exploit into the Windows kernel has a date saying it was compiled on Aug. 31, 2007, Gostev wrote. But that may not be accurate, since Duqu has different components that could have been created at different times.

Another oddity discovered by Kaspersky is how often attacks occurred on Wednesdays.

“The Duqu gang has an affinity for Wednesdays,”Raiu said. “They have repeatedly attempted to steal information from these systems on Wednesdays. This probably indicates a strong routine, almost military type.”

The attackers also took a lot of care when they struck to avoid being detected. They used separate command-and-control servers for each unique set of files. They also crafted a unique Word file for each victim and sent the malicious files from anonymous e-mail accounts, probably on compromised computers, Gostev wrote. They even modified the shellcode for different attacks….

via networkworld