Cybercriminals shift focus to bank employees

Security experts say fighting financial breaches will take both training and technology

… to the employee.

That is according to the FBI, which issued a warning earlier this week that the latest trend by cybercriminals is to get employee login credentials, using spam and phishing emails, keystroke loggers, and Remote Access Trojans (RAT).

And the best way to fight it? That leads to the ongoing debate over training vs. technology. While most security experts say both are necessary, and the FBI provides a list of training recommendations and policy protocols to keep employees from giving up the keys to the financial kingdom, some experts like George Tubin, senior security strategist for Trusteer, say improved technology is the only effective solution.

“Part of the solution is training,” he said. “But we’ve been talking about this for so long, trying to educate customers and employees. It has become one of those battles I don’t think we’re going to win.”

“Some of the ploys are so good they could fool almost anyone — very sophisticated schemes like web injections and email from friends that lead you to open an attachment. The real answer comes in automated technology, to make sure people don’t respond to those things,” Tubin said.

He also noted that the trend toward employees working at remote branches or at home, the BYOD (bring your own device) trend and being allowed to surf the web off the corporate network “makes them extremely vulnerable.”

Brian Berger, vice president at Wave Systems, agrees. “Users are going to be users no matter how strong the security awareness education is, so it is critical that organizations have a counter measure in place to help mitigate threats like these,” he said. “Specifically, hardware authentication through the Trusted Platform Module (TPM) makes it so the criminals couldn’t penetrate even if the employee had a misstep.”

Kevin Flynn, a senior product manager at Fortinet, compares training to driver education for teens. “Drivers Ed may help reduce accidents but it doesn’t necessarily make teenagers safe drivers,” he said. “Security belongs in the network.”

However, Scott Greaux, vice president product management and services at PhishMe, said, “Education is an organization’s best defense against these threats but those efforts need to break away from the traditional security awareness model and employ creative and immersive education techniques such as mock phishing exercises that both improve awareness and increase retention.”

Greaux doesn’t rule out better technology as a factor. But he said the human element can heighten security in protocols. “Financial institutions should implement a mix of random and threshold based reviews for all wire transfers,” he said. “This will add an extra layer of human interaction with transactions making it more challenging for fraudulent transfers to go unnoticed.”

The potential damage from stolen credentials is obvious. With that information – especially if they have the credentials of more than one employee — criminals can access the accounts of any customer. The FBI did not name any specific banks, but said that “small-to-medium sized banks or credit unions have been targeted in most of the reported incidents…”

However, the agency did say a few large banks have also been affected. In those cases, the criminals were able to conduct unauthorized wire transfers overseas. The FBI said the amounts have ranged between $400,000 and $900,000. And in at least one case, “the actor(s) raised the wire transfer limit on the customer’s account to allow for a larger transfer.”

But the damage goes beyond monetary. It is one thing for a customer to be hacked or fall for a malware scam, but Tubin said it was “totally different” for a financial institution itself to be compromised. “The damage to the reputation of a large institution could be devastating. That’s the last thing a bank needs is to be compromised.”

No matter how good the technology, the FBI recommends a number of basic precautions that financial enterprises should take. Among them: Remind employees not to open attachments or click on links in unsolicited emails; do not allow employees to access the Internet freely, or personal or work emails on the same computers used to initiate payments; do not allow employees to access administrative accounts from home computers or laptops connected to home networks; and ensure employees do not leave USB tokens in computers used to connect to payment systems.

Financial institutions should also monitor employee logins that occur outside of normal business hours; implement time-of-day login restrictions for the employee accounts with access to payment systems; and restrict access to wire transfer limit settings, the FBI said.
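The monitoring side of these recommendations, together with the random and threshold-based wire reviews Greaux describes, can be sketched as follows. This is an added example, not code from the FBI advisory or any vendor quoted here; the event fields, account names, business hours and thresholds are all constructed assumptions.

```python
import random
from datetime import datetime, time

BUSINESS_START, BUSINESS_END = time(8, 0), time(18, 0)  # assumed local policy
REVIEW_THRESHOLD = 100_000   # assumed: every wire at or above this is reviewed
RANDOM_REVIEW_RATE = 0.10    # assumed: share of smaller wires sampled for review

# Constructed sample events in time order (not real data).
EVENTS = [
    {"ts": "2012-09-18T09:12:00", "type": "login", "user": "teller01",
     "payment_access": True},
    {"ts": "2012-09-18T23:41:00", "type": "login", "user": "wireops02",
     "payment_access": True},
    {"ts": "2012-09-18T23:44:00", "type": "limit_change", "user": "wireops02",
     "account": "ACCT-1001", "old": 250_000, "new": 1_000_000},
    {"ts": "2012-09-18T23:52:00", "type": "wire", "user": "wireops02",
     "account": "ACCT-1001", "amount": 900_000, "id": "W-1"},
    {"ts": "2012-09-19T10:05:00", "type": "wire", "user": "teller01",
     "account": "ACCT-2002", "amount": 4_200, "id": "W-2"},
    {"ts": "2012-09-19T22:30:00", "type": "login", "user": "helpdesk07",
     "payment_access": False},
]


def is_off_hours(ts):
    """True on weekends or outside the assumed business window."""
    return ts.weekday() >= 5 or not (BUSINESS_START <= ts.time() < BUSINESS_END)


def analyze(events, rng=None):
    """Return (alerts, review_queue) for a time-ordered event list."""
    if rng is None:
        # Unpredictable sampling, so the random reviews cannot be anticipated.
        rng = random.SystemRandom()
    alerts, review_queue = [], []
    raised_limits = {}  # account -> the limit_change event that raised it
    for ev in events:
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "login":
            # Only accounts with payment-system access are in scope.
            if ev["payment_access"] and is_off_hours(ts):
                alerts.append(("off_hours_login", ev["user"], ev["ts"]))
        elif ev["type"] == "limit_change":
            if ev["new"] > ev["old"]:
                raised_limits[ev["account"]] = ev
                alerts.append(("limit_raised", ev["account"], ev["ts"]))
        elif ev["type"] == "wire":
            change = raised_limits.get(ev["account"])
            # A wire that only fits because the limit was raised beforehand.
            if change and ev["amount"] > change["old"]:
                alerts.append(("wire_exceeds_previous_limit", ev["id"], ev["ts"]))
            if ev["amount"] >= REVIEW_THRESHOLD:
                review_queue.append((ev["id"], "threshold"))
            elif rng.random() < RANDOM_REVIEW_RATE:
                review_queue.append((ev["id"], "random"))
    return alerts, review_queue


if __name__ == "__main__":
    found, queue = analyze(EVENTS)
    for alert in found:
        print("ALERT", *alert)
    for wire_id, reason in queue:
        print("REVIEW", wire_id, reason)
```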

Roger Thompson, chief emerging threats researcher at ICSA Labs, doesn’t debate training vs. technology. He says both are critical: “The best way to do security is think Swiss cheese. Any given layer has lots of holes in it, but if you arrange your cheese slices in layers, they cover up each other’s holes. In other words, no one layer has to be anywhere near perfect, provided there are enough layers.”


Microsoft releases fix for Internet Explorer flaw

Security vendors mixed on severity ratings of the most recent browser vulnerability

September 20, 2012 —  Microsoft on Wednesday released a temporary fix for an Internet Explorer vulnerability affecting most versions of Windows, as security vendors debated the risk of infection by exploits found on the web.

Microsoft said the “one-click” fix would have to be installed manually, but would not require a system reboot or affect a person’s ability to browse the Web. On Sept. 21, Microsoft planned to push out a permanent patch to Windows users through the operating system’s automatic update feature.

The patch will fix the latest publicly disclosed vulnerability, as well as four other critical flaws, said Yunsun Wee, director of Microsoft’s Trustworthy Computing unit.

Security vendors disagree on the threat level of the known vulnerability discovered over the weekend. Sophos raised the level to “high,” one notch below “critical.” The flaw, in IE versions 6 through 9, enables a hacker to install software capable of commandeering a computer.

Sophos chose high for now, because an exploit for the vulnerability, known as CVE-2012-4969, had not been added to Blackhole and other popular underground tools used by hackers. “If the prevalence increases, we will likely move to critical,” said Chester Wisniewski, a senior security adviser for Sophos.

Rather than wait for more exploits of the flaw, Rapid7 and FireEye rated the vulnerability as critical and highly critical, respectively. The highest ratings were warranted because the number of exploits on the Web was growing and IE accounts for a third to more than half of the browser market. The share varies by tracking firm.

“There are many users at risk, so it’s definitely highly critical,” said Atif Mushtaq, a security researcher at FireEye.

AlienVault reported on Tuesday that it had found three booby-trapped websites capable of installing malware in visitors’ systems. The malware-carrying sites included nod32XX.com, led-professional-symposium.org, a fake domain of a professional site aimed at manufacturers of LED (light-emitting diode) lighting, and defensenews.in, the main defense news portal in India. Malware being used included the PlugX remote access Trojan program.

“It seems the guys behind this zero-day [exploit] were targeting specific industries,” Jaime Blasco, an AlienVault researcher, said in a blog post. “We’ve seen that they compromised a news site related to the defense industry and they created a fake domain related to LED technologies that can be used to perform spear-phishing campaigns to those industries.”

The targeted nature of many of the attacks led to nCircle rating the vulnerability between medium and high. “We are not seeing full-on, drive-by attacks with this,” Storms said. “What we’re still seeing is more targeted, very specific attacks.” A drive-by attack is when simply going to a site can infect a computer.

Nevertheless, the vulnerability was serious enough for Germany’s Federal Office for Information Security to issue an alert Monday, warning people against using IE until Microsoft releases a fix. Sophos was also recommending that people use another browser.

Microsoft was given high marks for the speed of its response to the vulnerability. “Generally, they are moving really quick, and they are communicating with the public,” Storms said.

Microsoft released a workaround on Monday and said the next day that it would release a temporary fix in a “few days.” 

Because consumers are usually slow to install manual fixes, a much larger number of Windows users will be protected once the automatic update is released. “They need to prioritize an official patch that is deployed using Windows Update to truly provide protection to most IE users,” Wisniewski said.

The Dirt on Washable Keyboards

Most days I eat lunch at my desk and, more often than not, I’m working on the computer at the same time. I try my best not to get anything on my keyboard, but inevitably some crumbs fall in between the keys and, well, spills happen.

Using a damp towel and a can of air duster to clean up the grime does an okay job, but, as a neat freak, I feel like it’s never clean enough, especially in places I can’t reach. (I may or may not have gone so far as to ransack the IT department for a clean keyboard back in the day.) Fortunately, there’s now a better solution for germaphobes like me, as well as families with multiple kids, Internet cafes and anywhere else with shared computers.

This past week, I got a kick out of spilling soda, ketchup and other food onto keyboards — all for the sake of testing the Logitech Washable Keyboard K310 and the Kensington Washable USB/PS2 Keyboard with Antimicrobial Protection. Both keyboards cost $40, and can be washed with soap and water, allowing for a more thorough cleaning.

Both of them shined — quite literally — in testing, but the Logitech accessory features a design that makes it easier to wash in between the keys. And it’s quite stylish, so it would be my first pick for home or personal office use. The Kensington, meanwhile, has a more standard keyboard layout, but includes antimicrobial protection to prevent bacteria growth, so it’s great for use in shared work spaces like schools and hospitals.

The keyboards are optimized for use with Windows computers. The Logitech works with machines running Windows XP and higher, and the Kensington works with Windows 95 and above. Both will be compatible with the upcoming Windows 8.

I tested them with the 15.6-inch Vizio Thin + Light notebook running Windows 7 and an external display. The keyboards connect via USB (the Kensington also comes with a PS/2 connector) and a quick set-up wizard will walk you through the process within minutes. I also tried them out on my MacBook Pro, and was able to type without problem. But some functions, like the Windows Start button and hot keys, will not be applicable to Macs.

I started with the Logitech, which sports a chiclet-style design and features white buttons and a dark-gray base. Though functionality is important, I also like a product that looks good, and I would not mind showing off the Logitech in my home office.

There’s enough spacing between the keys that you can more easily remove small pieces of dirt or debris, even without water. The company includes a removable cleaning brush on the bottom of the keyboard, so you can wipe away dust and clean those extra-hard-to-reach places.

The Logitech can be submerged in up to 11 inches of water for a maximum of five minutes at temperatures less than 120 degrees Fahrenheit. The only part of the keyboard that can’t be placed under water is its USB cable. There is a cap attached to the cable that you can use to protect the USB connector from errant splashing, which was a nice touch. But don’t try to take a shortcut by sticking this in the dishwasher, or you might be watching $40 go down the drain. It’s also recommended that you use dish soap, but no alcohol disinfectants.

Now for the fun part: I spilled a variety of items onto the keyboard, including Heinz ketchup, orange juice and crumbled-up Triscuits. But my amusement soon turned into disgust, so I ran the keyboard under warm water in my kitchen sink, and the goo washed off right away with very little need to use a brush or sponge.

Resisting every urge to reach for the sponge and dish soap, I did another test where I left some of the liquids on a little longer to let them set. It required some gentle scrubbing, but in the end, the keyboard came out clean.

The characters on the keys are laser-etched and UV-protected, so Logitech says they won’t wear off after numerous washings. There are drainage holes on the back of the keyboard along the bottom and sides where the water can run off. After air-drying it overnight on a dish rack, the Logitech keyboard worked just fine.

As for the keyboard itself, I thought the layout was roomy and the buttons provided snappy feedback. There are 103 keys in total, including a dedicated number pad, and for Windows machines, the function keys offer quick access to your email, search, media and other applications. The Logitech can also be angled at eight degrees using tilting legs on the back.

The Kensington has a more traditional keyboard layout with 104 buttons (it has one extra Windows Start button compared to the Logitech), and comes in white or black. It, too, is roomy, but its keys don’t spring back as quickly as the Logitech’s does. The Kensington’s design is also clunkier and duller than the Logitech.

And, because this keyboard’s buttons are closer to each other, it’s more difficult to clean up congealed liquids from between the keys, and crumbs settle into the well beneath the buttons. I performed the same food-spill tests as the Logitech, and for removing sticky substances, I found that using a brush is best, but one is not included in the box. Running warm water through the keyboard took care of most of the small particles.

With the exception of the USB cable, the keyboard’s electronics are sealed against water, so you can immerse the Kensington in four inches of water at 130 degrees Fahrenheit for up to 40 minutes, max. Because the USB cable should not contact water, the keyboard is also not dishwasher-safe.

Drain holes are strategically placed throughout the keyboard, including the arrow keys and function buttons, and it’s ready to use as soon as it’s dry. I left it to air-dry overnight, and there were no problems when I plugged it back into the Vizio.

One nice feature of the Kensington is that it’s coated with antimicrobial resin to prevent growth of mold, mildew and fungus. Unlike the Logitech, this keyboard will stand up to harsher cleaning solutions, including bleach and disinfectant.

The extra layer of protection makes the Kensington a good candidate for use in shared places, where more than one person will be touching the keyboard. But, for personal use, I’d choose the Logitech Washable Keyboard. It’s easy to clean and pleasant to use, and its sleek design is an added bonus.

Happy 4th Birthday, Android


Apple may have the brand cachet, but Google has the sheer firepower. In just four short years, Google’s Android mobile platform has overtaken the global smartphone market. The first Android-powered phone, the T-Mobile G1, launched on Sept. 23, 2008. It landed more than a year after the first iPhone—and a few months after Apple introduced the App Store and made the iPhone a proper smartphone.

It’s always fun to look back and see how much the tech world has changed. But even as recently as 2008, when Android first hit the scene, most consumers still had regular cell phones instead of smartphones, Palm OS was still a contender, Research In Motion was on a BlackBerry Curve-fueled and Pearl-fueled upswing, and there was no such thing as an iPad. Mobile apps had yet to enter the public consciousness. Most phones were either 2G or 3G, not many had GPS yet, and any touch screen phone that wasn’t an iPhone needed a stylus.

The G1 wasn’t an amazing piece of hardware, either. Its 384MHz processor was relatively slow even for the time, and it looked like a slightly ungainly and unfinished T-Mobile Sidekick, with its oversize, slide-out QWERTY keyboard and thick, slanted chin. The OS itself was pretty barren, and looked like a Linux install without any customizations. Still, it had a glass capacitive touch screen and a WebKit browser like the iPhone, and you could heavily customize the home screen. As a result, the G1 still felt more capable than the stylus-based and non-touch smartphones of the day. Our reviewer Sascha Segan called the G1 “a basic introduction to what could be a blockbuster mobile platform.”

Enter the Motorola Droid
Sascha was right, of course, but it wasn’t immediately obvious at the time. After the G1 came out, we only saw a few other Android handsets appear over the course of the next 12 months, leading us to wonder if the platform was ever going to make it for real. Then came the Motorola Droid—the first high-profile Android handset to hit Verizon, complete with a tremendous “Droid Does” marketing campaign and a signature “Droiiid” sound for when new email arrived. It helped that it was also a fast phone and came with free voice navigation, the first handset ever to do so.

The Droid in fact did it for Android; for the first time, mainstream consumers began to wonder if they should get an iPhone or a Droid. From there, Android popularity surged—and the rest is history. 2010 saw the first Samsung Galaxy S handsets, while the start of 2011 brought the first 4G LTE devices running Android, more than a year and a half ahead of Apple. Screen sizes began to expand further and further. Google tried and failed to sell its own Nexus handset, only to resurrect the name in a series of purist phones across multiple manufacturers, culminating in the current Samsung Galaxy Nexus lineup.

Then there are the Android tablets. Most weren’t success stories, and many were downright terrible. But we’ve seen some bright spots recently, including the Kindle Fire HD, the versatile Galaxy Note 10.1, and my personal favorite, the Google Nexus 7, with its smooth, fast performance, bright display, and $200 price tag. We’ve even seen the debut of “phablets,” devices that straddle the line between phones and tablets, with screens in the low 5-inch range.

Two of the newest Android phones—the LG Optimus G and the Samsung Galaxy Note II—feature quad-core Qualcomm Snapdragon and Samsung Exynos processors, respectively. Even on regular smartphones, screen sizes are pushing up against the 5-inch mark. And we’re beginning to move away from pure spec regurgitating, and into genuinely new capabilities like live zoom during mirrored video playback and on-the-fly photo filtering apps.

On Top, With Some Stumbles
Today, Android sits on the top of the platform heap in smartphone sales, beating its nearest rival (iOS) by roughly two to one in the U.S, and with Samsung far and away the sales leader. Android phones are great choices for consumers, for enterprises, for accessing the cloud, for enthusiasts hacking emulators and installing rogue OS builds—you name it and there’s a market for it. The latest OS, Android 4.1 “Jelly Bean,” rivals iOS in its smoothness and sophistication and beats it on customization options, if not in outright usability, and it’s finally beginning to appear on a few devices, too.

To be sure, the OS has taken some hits lately—most notably in Samsung’s massive loss to Apple during last month’s patent trial, one of the largest and most significant the tech industry has seen in more than a decade. The trick going forward will be for phone vendors to differentiate their devices and software builds, while simultaneously steering clear of existing UI patents and not completely alienating Android purists in the process. It’s a balancing act.

In addition, Android may have finally lost some of its inherent advantages over iOS with the introduction of the iPhone 5 last week, such as 4G LTE support, free voice navigation, and (to a limited extent) support for larger screen sizes. Finally, while Google Play is now stuffed with over half a million third-party apps, nearly all of them are for phones; there’s still a distinct lack of tablet-specific apps compared with the iPad.

These hurdles can all be overcome, though. There exists a vibrant and thriving Android enthusiast and developer community, plus more choice and fewer restrictions than you’ll ever see on Apple’s side. It’s been good to have you around, Android; here’s to faster performance, even cooler devices, and hopefully, fewer lawsuits in the months and years to come.

2013 BMW xDrive 1-Series Set For Paris Debut


BMW has announced that the Paris Motor Show will serve as a launch platform for their first ever all-wheel drive version of the 1-Series. The compact model will of course be getting the xDrive system, which distributes drive torque variably between the front and rear axle. We had first heard about the availability of BMW’s intelligent all-wheel drive system (xDrive) on the 1-Series during the presentation of the three-door hatchback model back in May, and now the Bavarian automaker will hold the world premiere of these variants together with a new entry-level diesel option for the range.

BMW’s all-wheel drive system will currently be offered on two 1-Series hatchback models, the 120d xDrive and the sporty M135i xDrive. The third newcomer is the new entry-level diesel model, the 114d.

The 120d xDrive-

The 120d xDrive is powered by a 2.0-liter turbocharged four-cylinder diesel generating 181Hp (184PS) and enabling acceleration of 0 to 100 km/h (62mph) in 7.2 seconds and a maximum speed of 225 km/h (140mph).

BMW says its average fuel consumption will be 4.7 to 4.8lt/100km (up to 49mpg US or 58.9mpg UK), with a CO2 figure between 123 and 126 g/km, depending on the tire format selected.

The sporty M135i xDrive-

Sitting at the top of the range is the M135i xDrive that gets a 3.0-liter turbocharged straight-six producing 315hp (320PS) and 450Nm (332 lb-ft) linked to a standard 8-speed automatic transmission.

The AWD system helps the M135i shave 0.2 seconds off the 0-100km/h (62mph) sprint compared to the RWD model with the automatic transmission and 0.4 seconds over the RWD version with a six-speed manual at 4.7 seconds.

It has an electronically limited top speed of 250 km/h (155mph) and returns an average fuel consumption on the EU test cycle of 7.8 lt/100km (30.2mpg US or 36.2mpg UK) and a CO2 emissions level of 182g/km.

The New Variant – 114d 

The third new model to join the ranks of the 1-Series range is the new entry-level diesel 114d that is equipped with a 1.6-liter four-cylinder unit delivering 94hp (95PS) at 4,000 rpm and 235Nm (173 lb-ft) between 1,500 and 2,750 rpm.

The 114d completes the standard sprint in 12.2 seconds and has a top speed of 185 km/h (115mph). Its average fuel consumption is 4.1 to 4.3 lt/100km (up to 57.4mpg US or 68.9mpg UK), while the relevant CO2 emissions rating is between 109 and 112 g/km, again depending on the tire and alloy wheel sizes.

Other concepts will include the previously revealed i3 electric minicar and i8 plug-in hybrid sports car, as well as the C evolution electric scooter prototype.

On top of this, BMW also plans to present its latest suite of ConnectedDrive infotainment technology, which includes the automaker’s updated satellite navigation system, new iDrive Touch setup, Dictation Service and LTE Mobile Internet.

Stay tuned for more details and all the photos of BMW’s Paris Motor Show, once the show kicks off on September 27.

HP refreshes four of its PCs with AMD Trinity chips

HP refreshes some of its business PCs with AMD Trinity chips

If you’ve been waiting for some spankin’ new designs for HP’s business machines, we hate to disappoint you, but we’ve only got a spec bump to report here. The company just announced that it’s freshening up its ProBook 4445s, 4446s and 4545s with AMD’s newish Trinity-series APUs. While it was at it, the outfit also announced the Compaq Pro 6305 desktop, which is also powered by AMD’s A-Series chips (the A10, A8, A6 and A4, to be exact). The refreshed ProBook 4545s is available now, starting at R3 500.00. (The 4445s and 4446s will only be available in Japan and other Asia-Pacific countries.) Meanwhile, the Compaq Pro 6305 desktop lands October 8th, starting at $539 with both Windows 7 and Win 8 configurations available.

TDSS Malware Infecting Fortune 500 Includes Evasion Tactic

Hard-to-kill malware spotted in the wild includes a domain generation algorithm in the communications with its command-and-control infrastructure to make it harder to detect and eliminate. Use of such a tactic is part of a growing trend among malware threats as attackers look to thwart security.

A new edition of the notorious TDSS malware has been spotted using a domain generation algorithm (DGA) in communications with its command-and-control (C&C) as it spreads throughout enterprises.

Also known as TDL4, TDSS works by infecting master boot records, which has made it difficult for security programs to destroy. At one point, security researchers reported, the malware had built a botnet of 4.5 million victims. In 2011, it was linked separately to the spread of the notorious DNSChanger Trojan, which was at the center of an FBI takedown operation last year.

According to IT security technology company Damballa, the latest discovery led to a new understanding of the malware’s C&C infrastructure, which appears to be managing multiple versions of the malware across more than 250,000 infected victims worldwide. In collaboration with the Georgia Tech Information Security Center, Damballa researchers launched a sinkhole operation using some of the malware’s domains to gather evidence about the command-and-control structure.

The researchers discovered that the latest version of the malware has infected computers at 46 of the Fortune 500. Other victims include government agencies and ISP networks. The C&C traffic captured by the sinkhole also yielded new details of a click-fraud operation leveraging DGA-based C&C to provide status reports about the fraud operation’s successes so the information could be used by the criminal operators to provision the entire fraud campaign. Some of the top hijacked domains in the click fraud operation include Facebook.com, Google.com and YouTube.com.

In all, a total of 85 C&C servers and 418 unique domains were labeled as being related to the malware, with Russia, Romania and the Netherlands hosting the most C&C servers.

Domain generation algorithms (DGA) are traditionally used as a way to evade signature-based detection systems and static blacklists, explained Manos Antonakakis, director of academic sciences for Damballa. Using the tactic–which is also known as domain fluxing–allows the attacker to exploit the inability of network security systems to recognize and block the latest active domain names, he told eWEEK. The technique has become popular among malware authors, and has been adopted by Trojans such as Zeus and BankPath, he added. Pseudo-random domain generation has also been used by the Blackhole exploit kit to make attacks more persistent.

“As we previously reported, the rate at which DGA-based communications techniques are being adopted, and their ability to elude the scrutiny of some of the most advanced malware analysis professionals, should be of great concern to incident response teams,” Antonakakis said in a statement.

“By adding elusive DGA C&C capabilities to malware that already evades detection and circumvents best practices in remediation by infecting master boot records, TDL4 is becoming increasingly problematic,” he added. “With its known ability to act as a launch pad for other malware, and TDSS’ history of sub-leasing access to their victims, these hidden infections in corporate networks that go undetected for long periods of time are the unseen time bombs that security teams work so hard to uncover.”
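Why a static blacklist misses DGA traffic, and what a defender can look for instead, is shown in the added example below; it is not Damballa's method or code from the original article. The log format, client addresses, domain names (all under the reserved `.example` TLD) and thresholds are constructed assumptions, and the leftmost label is treated as the generated part.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log: timestamp, client, query name, response code.
LOG = """\
2012-09-17T10:00:01 10.0.0.23 xkqzvbnwtrlp.example NXDOMAIN
2012-09-17T10:00:02 10.0.0.23 qjwmzxhvkdyt.example NXDOMAIN
2012-09-17T10:00:03 10.0.0.23 pzrtkvbqmwlx.example NXDOMAIN
2012-09-17T10:00:04 10.0.0.23 hgfdkwqzxvbn.example NOERROR
2012-09-17T10:00:09 10.0.0.41 mail.example NOERROR
2012-09-17T10:00:12 10.0.0.41 onlinebankng.example NXDOMAIN
2012-09-17T10:00:15 10.0.0.41 intranet.example NOERROR
"""

BLACKLIST = {"xkqzvbnwtrlp.example"}  # constructed: the one name already known
MIN_LABEL_LEN = 10    # assumed: shorter labels are ignored
MIN_ENTROPY = 3.0     # assumed threshold, bits per character
MIN_DISTINCT_NX = 3   # assumed: distinct random-looking failures per client


def parse(log):
    """Yield one dict per well-formed log line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, qname, rcode = parts
        yield {"ts": ts, "client": client,
               "qname": qname.lower().rstrip("."), "rcode": rcode}


def entropy(text):
    """Shannon entropy of the characters in text, in bits per character."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())


def looks_generated(qname):
    """Heuristic: long leftmost label with near-uniform character use."""
    label = qname.split(".")[0]
    return len(label) >= MIN_LABEL_LEN and entropy(label) >= MIN_ENTROPY


def blacklist_hits(records, blacklist):
    """What a static list catches: only names that are already known."""
    return [r for r in records if r["qname"] in blacklist]


def dga_suspects(records):
    """Clients with many distinct random-looking NXDOMAIN lookups.

    For each suspect, also report random-looking names that did resolve:
    these are candidates for the currently active rendezvous domain.
    """
    failed, resolved = defaultdict(set), defaultdict(set)
    for r in records:
        if not looks_generated(r["qname"]):
            continue
        bucket = failed if r["rcode"] == "NXDOMAIN" else resolved
        bucket[r["client"]].add(r["qname"])
    return {
        client: {"nx": sorted(names), "resolved": sorted(resolved[client])}
        for client, names in failed.items()
        if len(names) >= MIN_DISTINCT_NX
    }


if __name__ == "__main__":
    recs = list(parse(LOG))
    print("blacklist hits:", [r["qname"] for r in blacklist_hits(recs, BLACKLIST)])
    for client, info in dga_suspects(recs).items():
        print(client, "failed:", info["nx"], "resolved:", info["resolved"])
```

On the sample data the blacklist matches one query, while the per-client view flags the host and surfaces the one generated-looking name that resolved.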

PARIS MOTOR SHOW : Playing home town advantage



ONE of the biggest events on this year’s motoring calendar is just a week away as car companies pack up their latest concepts and hottest new cars and head for Paris.

Not all has remained secret until the covers come off on press day and in our first look at what to expect on showroom floors in the months and years to come, who better to put the spotlight on than the French vehicle makers.

There is little news yet of what, if anything, is likely to be coming from Renault and to be honest it will be nice if they keep everything under wraps until show time. It will show the latest generation of the Clio and if rumours are correct then hopefully we will see the new Renault Sport Clio there too.

Citroen will be displaying the latest version of the C3 Picasso, an MPV which has been so underrated in the South African market. It may not be worth making a huge song and dance over though, and the same could be said of the new DS3 Cabriolet which, like the Fiat 500 convertible, features fixed side pillars and roof lines and a central folding top.

It will have a number of concepts though, including the first European sighting of the stunning Numero 9 which is still set to be a showstopper all on its own.

Following in the steps of its German counterparts, Citroen will have something for the Chinese to get all excited about in the form of the long wheelbase C4 L, and not to be outdone it will also have an all-electric DS3.

This all leaves much of the excitement for Peugeot, which definitely has something to roar about. It will be unveiling the facelift for its RCZ sports car, with opinions already differing as to whether the outgoing model actually has the better looks.

It will also show an R version, which the company says will be the most powerful in its history, with some 194kW on tap. Some were expecting to see a roadster version but unless the company is holding something back then it is unlikely we will see that in the Parisian halls.

What we will see though is the GTi derivative of the new 208, a car which launches in SA in just a few weeks’ time. We will have to wait until next year for the GTi version which is going to boast 147kW from its turbocharged 1.6l engine, a wider track front and rear, tuned chassis and a more sporty exhaust system. Peugeot is claiming the 208 GTi will bring back the days of the hallowed 205 GTi, a car which, along with the Volkswagen Golf GTi, heralded the dawn of the true hot hatch.

Peugeot’s real stars will come in the form of two very different concepts, though. The first is likely to make it into production and will also be based on the 208 platform.

The 2008 will be the next in the brand’s small crossover arsenal and will essentially take on the likes of the VW CrossPolo and Suzuki SX4. The design obviously echoes that of the regular 208 but with plenty of plastic cladding and a slightly increased ride height, it aims to attract a more youthful audience that wants to pack sports gear and a six-pack or two in the boot and head for the beach or the mountains.

Under the bonnet sits a 1.2l three-cylinder turbo-charged engine that develops 82kW. While there is no guarantee that the 2008 will actually make it into full production, the engine is already earmarked for a number of future models as the company aims to make more use of small capacity powerplants that generate decent power but with less fuel consumption and less emissions.

On the subject of greener motoring, Peugeot’s main draw card for the show will undoubtedly be the Onyx concept.

With a carbon fibre shell and pure copper wings and doors, it is all about being striking while also being lightweight.

Underneath the advanced bodywork will sit a 3.7l V8 hybrid HDi diesel engine that is claimed to produce a massive 447kW.

The Onyx is not just about lightweight and green performance though, with plenty of unusual technology featuring inside the cabin. This will include a passenger compartment made from a taut piece of felt but even more intriguing is the fact that the entire dashboard and centre console is made from what is called “Newspaper Wood”.

This material is produced from compressed used newspapers so who knows, maybe one day this copy of Business Day could be surrounding the instrument cluster in your Peugeot.

The Onyx is a project of the Peugeot Global Brand Studio which will also be showing a number of other projects, many of which are not based on four wheels. These will include the carbon fibre Onyx bicycle and also a three-wheeled hybrid supertrike which the company says shows a clear link with its history as a scooter manufacturer.