
Bogus Chrome, Firefox extensions pilfer social media accounts

Written by Unknown on Wednesday, 31 July 2013 | 16.01

Trend Micro has found two malicious browser extensions that hijack Twitter, Facebook and Google+ accounts.

The attackers plant links on social media sites that, if clicked, implore users to install a video player update. It is a common method hackers use to bait people into downloading malicious software.

The bogus video player update lures people in a macabre manner: it says it leads to a video of a young woman committing suicide, according to Trend's description.

The video player update carries a cryptographic signature, which is used to verify that an application came from a certain developer and has not been modified, wrote Don Ladores, a threat response engineer with Trend.

"It is not yet clear if this signature was fraudulently issued, or a valid organization had their signing key compromised and used for this type of purpose," he wrote.

Hackers often try to steal legitimate digital certificates from other developers in an attempt to make their malware look less suspicious.

If the video update is executed, the malware then installs a bogus Firefox or Chrome extension depending on which browser the victim uses.

The malicious plugins try to appear legitimate, bearing the names Chrome Service Pack 5.0.0 and Mozilla Service Pack 5.0. Ladores wrote that Google now blocks the extension that uses its name. Another variation of the extension claims it is the F-Secure Security Pack 6.1.0, a fake product purporting to come from the Finnish security vendor.

The plugins connect to another website and download a configuration file, which allows them to steal the login credentials from a victim's social networking accounts such as Facebook, Google+, and Twitter. The attackers can then perform a variety of actions, such as liking pages, sharing posts, updating statuses and posting comments, Ladores wrote.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk



Microsoft discloses weak Surface revenue

Microsoft's Surface tablet has earned the company less in revenue than it paid to write down unsold stocks of the device.

The company said in a regulatory filing with the U.S. Securities and Exchange Commission that the Surface had earned revenue of US$853 million in its fiscal year ended June 30. The Redmond, Washington, software company did not disclose how many units of the tablet it had shipped during the year.

Microsoft announced earlier this month it took a charge for Surface RT inventory adjustments of approximately $900 million. The company also saw a $898 million increase in advertising costs, associated mainly with the Windows 8 operating system and Surface, according to the filing.

Aimed at competing with Apple's iPad and other tablets, the Surface RT, built around an ARM-based processor and running the Windows RT operating system, was generally available from October. The Surface Pro, which runs Windows 8 on an Intel processor, became available in February.

Microsoft decided to design and manufacture the product, to the dismay of some partners who were used to dealing with Microsoft as a supplier of software, rather than as a competitor in the computing devices market.

"A competing vertically-integrated model, in which a single firm controls the software and hardware elements of a product and related services, has been successful with some consumer products such as personal computers, tablets, mobile phones, gaming consoles, and digital music players," Microsoft said in the filing, while discussing its competition. The company said it also offers some vertically-integrated hardware and software products and services, but its competitors in smartphones and tablets have established significantly larger user bases.

The Surface has not been a runaway success in the market. Microsoft shipped about 900,000 Surface tablets in the first quarter of this year, giving it a 1.8 percent market share of the tablet market, according to IDC. Apple led with 19.5 million iPad shipments, a market share of almost 40 percent, followed by Samsung with 18 percent share, Asus at 5.5 percent and Amazon.com at 3.7 percent share. Overall, Windows 8 and Windows RT tablets, including from other vendors, continued to struggle to gain traction in the market, and total Windows 8 and Windows RT shipments across all vendors reached 1.8 million units, IDC said.

Microsoft said in the filing that it would continue to invest in the Surface.



US appeals court upholds warrantless collection of phone location data

Warrants are not required by the U.S. government to access historical cell site information, an appeals court ruled in an order.

The Fourth Amendment to the U.S. Constitution protects only reasonable expectations of privacy, the U.S. Court of Appeals for the Fifth Circuit wrote in a 2-1 ruling on Tuesday. The Fourth Amendment protects against unreasonable searches and seizures.

"Because a cell phone user makes a choice to get a phone, to select a particular service provider, and to make a call, and because he knows that the call conveys cell site information, the provider retains this information, and the provider will turn it over to the police if they have a court order, he voluntarily conveys his cell site data each time he makes a call," the court added.

Cell site information is clearly a business record, collected by the service provider for its own business purposes, and without being asked to do so by the government, the court said in the order.

The dispute hinged on whether law enforcement agents can access cell site data with a relatively easy-to-obtain order under section 2703(d) of the Stored Communications Act, which is based on a showing of "specific and articulable facts," instead of using a search warrant after showing probable cause.

Rights groups American Civil Liberties Union and Electronic Frontier Foundation and others have argued that the government should be required to seek a warrant to access the location information, because it is sensitive and can reveal a great deal about a person. The groups argued in court that SCA grants courts the discretion to require the government to obtain a warrant based upon probable cause before accessing historical cell phone location data.

Ruling that compelled warrantless disclosure of cell site data violates the Fourth Amendment, a magistrate judge earlier denied a government request for the historical cell site data in three applications filed in October, 2010 under the SCA for seeking evidence relevant to three separate criminal investigations. The judge, however, allowed for providing subscriber information.

Following an appeal by the government, a district court held that data "disclosing the location of the telephone at the time of particular calls may be acquired only by a warrant issued on probable cause," as the records would show the date, time called, number, and location of the telephone when the call was made, which is constitutionally protected.

The Fifth Circuit court clarified that its ruling only covered section 2703(d) orders to obtain historical cell site information, and did not address, for example, orders requesting data from all phones that use a tower during a particular interval or "situations where the Government surreptitiously installs spyware on a target's phone or otherwise hijacks the phone's GPS, with or without the service provider's help."

The Supreme Court of New Jersey ruled earlier this month that cellphone users have a reasonable expectation of privacy of their cellphone location information, and police are required to get a search warrant before accessing the information. People are not promoting the release of personal information to others when making disclosures to phone companies, the court said in a unanimous ruling.

John Ribeiro covers outsourcing and general technology breaking news from India for The IDG News Service. Follow John on Twitter at @Johnribeiro. John's e-mail address is john_ribeiro@idg.com



Is Snowden a Russian citizen? No, it's just a Google Translate trick

Written by Unknown on Tuesday, 30 July 2013 | 16.00

The announcement appeared in small text on the Russian president's website: "Let me speak from my heart: Edward Snowden is a Russian Citizen. Thanks to @homakov!"

The Twitter handle belongs to Egor Homakov, a security researcher with a penetration testing group called Sakurity, which does freelance consulting.

Homakov's spoof message didn't actually appear on Vladimir Putin's website. Instead, Homakov found a trick that allowed him to modify content delivered to a user from Google Translate, which he describes on his blog.

Interestingly, Homakov and Google agree that his finding isn't actually a security issue per se. "As the researcher implied at the end of his original blog post, this is really not a security vulnerability," according to a statement from a Google spokeswoman.

Instead, Homakov uses JavaScript to manipulate the way Google serves translated content from an original, untranslated page.

When Google translates something, it returns the content in a hosted, separate sandboxed domain: "translate.googleusercontent.com." It allows third-party scripts to run in that domain, which would allow, for example, Homakov to modify the content.

Google, which rewards security researchers for finding certain kinds of software flaws, advises that it doesn't pay for cross-site scripting vulnerabilities in the ".googleusercontent.com" domain.

The company said it maintains a number of domains that use the same-origin policy, a complicated set of conditions intended to allow interactions between sites in the same domain but prevent meddling from other sources.

In the case of ".googleusercontent.com," Google says that "unless an impact on sensitive user data can be demonstrated, we do not consider the ability to execute JavaScript in that domain to be a bug."

Still, Homakov's trick is amusing, not least because Snowden, a former NSA contractor who has released batches of sensitive material documenting U.S. government surveillance efforts, is still marooned in Russia while he tries to secure asylum.

Homakov's experiment also proves that users may want to be cautious when using Google Translate: If the content is nearly unbelievable, it might be best to find a native speaker to confirm the translation.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk



Flash breakthrough promises faster storage, terabytes of memory

In the ongoing quest for faster access to data, Diablo Technologies has taken what could be a significant next step.

Diablo's Memory Channel Storage (MCS) architecture, expected to show up in servers shipping later this year, allows flash storage components to plug into the super-fast channel now used to connect CPUs with memory. That will slash data-access delays even more than current flash caching products that use the PCI Express bus, according to Kevin Wagner, Diablo's vice president of marketing.

The speed gains could be dramatic, according to Diablo, helping to give applications such as databases, big data analytics and virtual desktops much faster access to the data they need most. Diablo estimates that MCS can reduce latencies by more than 85 percent compared with PCI Express SSDs (solid-state disks). Alternatively, the flash components could be used as memory, making it affordable to equip servers with terabytes of memory, Wagner said.

Other than on-chip cache, the memory channel is the fastest route to a CPU, Wagner said. Not only do bits fly faster over this link, there are also no bottlenecks under heavy use. The connection is designed to be used by many DIMMs (dual in-line memory modules) in parallel, so each component doesn't have to relinquish the bus for another one to use it. That saves time, as well as CPU cycles that would otherwise be used managing the bus, Wagner said.

The parallel design of the memory bus also lets system makers scale up the amount of flash in a server without worrying about diminishing returns, he said. A second MCS flash card will truly double performance, where an added PCIe SSD could not, Wagner said.

Diablo, which has been selling memory controllers for about 10 years, has figured out a way to use the standard DDR-3 interface and protocols to connect flash instead of RAM to a server's CPU. Flash is far less expensive than RAM, but also more compact. The MCS components, which come in 200GB and 400GB sizes, will fit into standard DIMM slots that typically accommodate just 32GB or so of memory. The only adaptation manufacturers will need to make is adding a few lines of code to the BIOS, Wagner said.

Enterprises are more likely to use MCS as high-capacity memory than as low-latency storage, said analyst Jim Handy of Objective Analysis.

"Having more RAM is something that a lot of people are going to get very excited about," Handy said. His user surveys show most IT departments automatically get as much RAM as they can for their servers, because memory is where they can get the fastest access to data, Handy said.

"Basically, you'd like everything to be in the RAM," Handy said. Virtualized data centers, where many servers need to share a large set of data, need a shared store of data. But in other applications, especially with databases and online transaction processing, storage is just a cheaper and more plentiful -- but slower -- alternative to memory. "Everything that's on the storage is there just because it can't fit on the RAM," he said.

To implement the MCS architecture, Diablo developed software and a custom ASIC (application-specific integrated circuit), which it will sell to component vendors and makers of servers and storage platforms. Flash vendor Smart Storage Systems, which earlier this month agreed to be acquired by SanDisk, will be among the companies using the MCS technology, Wagner said. In addition, a tier-one server vendor is preparing about a dozen server models with the technology and will probably ship the first of them this year, Wagner said.

For the most part, Diablo doesn't expect consumers or small enterprises to install MCS flash on their own computers. However, Diablo may work directly with enterprises that have very large data centers they want to accelerate, he said.

Using MCS flash to supplement DRAM would dramatically reduce the per-gigabyte cost of memory but also would allow for further consolidation of the servers in a data center, Wagner said. A large social networking company with 25,000 servers analyzed the MCS technology and said it would make it possible to do the same amount of work with just 5,000 servers.

That's because the current DRAM-only servers can be equipped with just 144GB of memory, but MCS would allow each server to have 16GB of DRAM and 800GB of flash. With that much memory, each server can do more work so fewer are needed, Wagner said. Fewer servers would mean savings of space and energy, which would translate into lower costs, he said.

Stephen Lawson covers mobile, storage and networking technologies for The IDG News Service. Follow Stephen on Twitter at @sdlawsonmedia. Stephen's e-mail address is stephen_lawson@idg.com



Yale grad's 'Prism' program turns text metadata into wavy art

What if the NSA took your text message metadata and made a flowing, colorful diagram with a timeline?

The U.S. spy agency -- probably -- doesn't do that. But a 22-year-old Yale graduate, Bay Gross, was actually inspired by the U.S. government's Prism surveillance program revealed by whistle-blower Edward Snowden.

Gross, who just started working at Google in New York on Monday, created an application he describes as "part data, part art" that analyzes a person's own SMS messages and lays them out in a rainbow wave. Appropriately, he named it "Prism."

Prism, which works on Mac OS, draws the SMS metadata from the user's own unencrypted backups within iTunes. It pulls who was texted and when and plots the data in a "Streamgraph," a type of stacked graph developed by Lee Byron, who is an interactive information designer with Facebook.

Byron, who was a graphics intern with the New York Times in 2008, developed a Streamgraph for the newspaper that displayed box office revenues for films. The graphic drew praise and criticism due to its unorthodox approach.

Streamgraphs emphasize the "legibility of individual layers, arranging the layers in a distinctively organic form," according to an academic paper authored by Byron and Martin Wattenberg.

Gross says from an analytical view the Streamgraph is "kind of useless." The y-axis, for example, which appears to represent volume of texts to a recipient, is "completely made up."

But Prism does enable a more emotive or romantic view of data. The x-axis, which represents time, can show the degree to which some relationships are zero sum or even seasonal, Gross said. You can see, for example, how some texting relationships start fast and furious but atrophy to a meager small stream.

The application doesn't show the content of the messages. Gross has also put in a feature where the graphs created by Prism can be exported but minus people's names. The graph can be manipulated using a variety of parameters, such as by date, popularity and frequency of contact.

Prism is a desktop application for Mac. Apple lets people encrypt their iPhone backups on a computer, but Prism needs access to an unencrypted backup. All of the processing is done on a person's computer, and nothing is sent to a remote server, Gross said.

Apple rejected Prism from inclusion in its App Store, but Gross said that's due to the company's strict guidelines for its store. However, Prism is a certified developer application.

Prism is free as part of its launch, but will eventually cost US$0.99.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk



Google Play store inundated with scam apps, Symantec says

Written by Unknown on Monday, 29 July 2013 | 16.01

A steady stream of questionable applications is flowing daily into Google's Play store for Android devices, according to security vendor Symantec.

Over the last seven months, Symantec found more than 1,200 suspicious applications in the Play store. Google removes many shortly after they're published, but others stay in the store for a few days.

"Although they have short lives, the apps must provide ample profit for the scammers as they show no signs of halting their development of new ones," wrote Joji Hamada of Symantec.

The applications can be difficult to assess and employ a series of maneuvers and layers in order to attempt to rip off users.

Hamada wrote one application aims to get users to subscribe to an online adult video site at a cost of more than US$3,000 a year. The application's sole purpose is to launch a link to an adult website.

The website then asks the user to register in order to play videos. An email form is drafted, and the user is asked to hit send. The email, sent to the user, contains a link to another service on a different website.

This time, the user is prompted to enter a password. If that button is clicked, the phone is supplied with a number. When called, the number gives out a password. The person is then given registration details and told of a ¥315,000 ($3,200) annual fee that is due within three days.

Applications that launched only links "can be almost impossible for any system to confirm anything malicious," Hamada wrote.

"The manual steps required in this scam is another strategy used to keep the apps on the market as long as possible," Hamada wrote. "Human analysis may be the only way to discover these sorts of apps."

Apple closely examines applications submitted for its App Store, which has kept its marketplace relatively free of malware. Google also scans applications in the Play store. It also added a feature to the latest 4.3 version of the Android OS that scans any application for malicious code.

More than 100 applications similar to the adult videos one have been published on Google Play since the beginning of the month, Hamada wrote. Thirty applications from three developers are still in the market.

Symantec informs Google when it finds such applications, he wrote, but the scam applications flow into Play daily. Many of the applications float into some of the top keyword searches, apparently as the result of abuse of Play's search function.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk



US patent office rejects claims of Apple 'pinch to zoom' patent

The U.S. Patent and Trademark Office has rejected claims of an Apple patent that figures prominently in a patent infringement lawsuit against Samsung Electronics, according to documents filed by the South Korean company in a U.S. federal court.

The 21 claims of the patent were rejected by the USPTO in a "final office action," as they were anticipated by previous patents or unpatentable. Known as the "pinch-to-zoom" patent, it covers the ability to distinguish between the scrolling movement of one finger and two-finger gestures like pinch-to-zoom on a touch-screen to activate certain functions.

Apple has up to two months to respond to the USPTO decision. In a filing in April after USPTO rejected multiple claims of another patent in a similar final office action, Apple said it had further options, including appeal to the Patent Trial and Appeal Board and seeking judicial review.

Claim eight of the patent was involved in Apple's lawsuit against Samsung in the court, according to a filing Sunday by Samsung in U.S. District Court for the Northern District of California, San Jose Division. A jury last August awarded Apple US$1.05 billion in damages, but the court has ordered a partial retrial to review the damages to be paid to the iPhone maker.

The jury found at trial that 21 of 24 Samsung smartphones and tablets infringed claim 8 of U.S. Patent No. 7,844,915 ('915 patent), Samsung said in its filing on Sunday. The claim relates to "determining whether the event object invokes a scroll or gesture operation by distinguishing between a single input point applied to the touch-sensitive display that is interpreted as the scroll operation and two or more input points applied to the touch-sensitive display that are interpreted as the gesture operation," according to a USPTO document filed in the court by Samsung.

The USPTO ruled claim eight was anticipated in U.S. Patent No. 7,724,242 awarded to Daniel W. Hillis and Bran Ferren. "Hillis teaches distinguishing the number of contact points and determining whether the event object matches a gesture pattern," the USPTO wrote in its decision.

In April, the USPTO rejected multiple claims of another patent that figured in the lawsuit, known as the "overscroll bounce" patent. Apple, however, said in a filing that the reexamination is not finished, and it is entitled to file a response to the action which may result in a withdrawal of the rejection or certification of the claims under reexamination.

The company also raised the possibility that it may appeal to the Patent Trial and Appeal Board, and if unsuccessful, may seek judicial review in the U.S. Court of Appeals for the Federal Circuit or the U.S. District Court for the District of Columbia. A similar filing is likely from Apple in connection with the rejection of the '915 patent, even as Samsung is expected to argue for lower damages. The jury awarded damages to Apple with regard to all but two products found to infringe the '915 patent, Samsung said in its filing.



Apple supplier Pegatron slammed for alleged labor abuses in China

Apple supplier Pegatron is facing criticism from a watchdog group for poor working conditions at its factories in China.

The Taiwanese electronics maker came under fire for allegedly violating Chinese labor laws with the publication Monday of a new 60-page report from New York-based China Labor Watch that documents conditions at the factories.

The alleged violations include unfairly deducting or failing to pay wages, providing insufficient worker training, and making overtime work mandatory, among others.

The report also questioned Apple's efforts to cap the work week at its supplier factories to 60 hours. China Labor Watch's investigation found that the hours ranged from 66 to 69 hours at the facilities, and that Pegatron was allegedly falsifying worker attendance to keep the reported hours down.

There have been rumors that Pegatron will make a budget iPhone for Apple.

China Labor Watch, which has been critical of Apple and Samsung for their labor policies in China, investigated three Pegatron factories in China, one of which it claims is building the budget version of the iPhone. From March to July of this year, the group sent undercover investigators to work at the factories and interview nearly 200 employees.

Apple has been in "close contact" with China Labor Watch over the last several months, and is investigating the reported issues, the company said in a statement Monday.

Since 2007, the U.S. tech giant has conducted 15 audits of Pegatron facilities covering more than 130,000 workers, Apple said. In the past 18 months, surprise audits were made at two of the Pegatron factories named in China Labor Watch's report.

"Our most recent survey in June found that Pegatron employees making Apple products worked 46 hours per week on average," Apple added. The company, however, is sending teams to investigate the three Pegatron facilities this week, and is requiring the Taiwanese manufacturer to reimburse workers for any instances of unpaid compensation.

Pegatron is also investigating the claims and will correct any violations found, the company's CEO Jason Cheng said in a statement. "We strive to make each day at Pegatron better than the last for our employees. They are the heart of our business," he said.

China Labor Watch had previously accused the company of poor working conditions last year as it was meeting orders for the iPad Mini. In 2011, Pegatron also gained media attention after an explosion at a factory in Shanghai sent 61 workers to hospital.

In its latest report, the watchdog group claimed Pegatron had failed to create "effective grievance channels" so that workers could voice their concerns to management. A pregnant woman was also found logging overtime hours, a violation of Chinese labor laws, the group said.

Pegatron, however, said the company has spent the last two years establishing multiple channels so that workers can communicate their needs. "In addition, Pegatron helps create the educational programs including parenting seminars for pregnant workers, management courses, and accredited higher education classes," the company added.

Apple and its suppliers have for years now faced criticism for working conditions at iPhone and iPad factories in China. But the U.S. company has pledged to protect its workers and provide a fair working environment for them. Last year, Apple invited the Fair Labor Association to conduct audits of select factories of its supplier Foxconn Technology Group.

In May, the Fair Labor Association said Foxconn was making progress to improve conditions at the factory, but that working hours at the facility still exceed Chinese legal limits.



Dish is likely eyeing new acquisitions after losing Sprint

Written by Unknown on Sunday, 28 July 2013 | 16.00

As the dust settles after SoftBank's $21.6 billion acquisition of Sprint, losing bidder Dish Network may be just getting started at stirring up the U.S. mobile industry.

The satellite TV and Internet provider tried to buy Sprint and Clearwire but failed in both efforts when SoftBank closed its own deal to become the third-biggest mobile operator in the U.S. But led by an aggressive chairman and facing a lackluster satellite TV industry, Dish still has incentives to break into mobile and may do it through a new type of partnership or network, analysts say.

Mobile services and apps are growing a lot faster than TV or relatively slow, expensive satellite Internet. That's partly why Dish has amassed two chunks of land-based mobile spectrum and may be trying to scoop up more. Spectrum is the lifeblood of mobile, and Dish seems intent on becoming a player one way or another.

"If they don't have some form of a wireless play, then it's very hard for them to survive longer term," said Chetan Sharma, founder of Chetan Sharma Consulting. That's because consumers are increasingly watching video online rather than over broadcast, cable or satellite TV. In fact, the U.S. consumer satellite industry may soon shrink, with Dish possibly acquiring DirecTV, analysts say.

Amassing the structure

Dish has two kinds of spectrum that are approved for commercial mobile use: a block of frequencies it bought in the FCC's 700MHz auction in 2008, and the so-called AWS-4 frequencies it acquired by buying two bankrupt satellite companies in 2011. If Dish succeeds in buying another bankrupt satellite company, LightSquared, it would have yet another set of frequencies it might be able to use for cellular services. Dish Chairman Charlie Ergen reportedly has already bought a large part of LightSquared's debt, and Dish is now offering $2.2 billion for the company.

But in the cellular world, Dish isn't likely to build its own network, a project that would cost billions and might take years. Instead, the company will probably keep trying to buy or partner with an existing operator, analysts say. That would be a quicker and cheaper way to put its frequencies to work, which the company will have to do in order to keep its spectrum licenses.

An existing carrier could add equipment for Dish's spectrum to its cell sites and then offer new devices to its customers to take advantage of those bands. Dish's video business could also be a plus, with opportunities to bundle or cross-promote it with mobile services.

"The logical next step for Dish would be to partner with a service provider like T-Mobile to build out in their spectrum," said Phil Marshall of Tolaga Research. Though AT&T is also considered a candidate to work with Dish, analysts say fourth-place T-Mobile is the most likely candidate because it has the most to gain.

Eying another acquisition?

However, if it's looking to make a deal, Dish doesn't hold all the cards. Sprint is now bigger and richer than it used to be, but it still has only about half as many customers as its bigger rivals. Some analysts expect Sprint to make a grab for T-Mobile, finally making Sprint a powerhouse to truly rival AT&T and Verizon Wireless. A behemoth like that wouldn't need Dish's spectrum.

To head off that possibility, Dish is likely to bid for T-Mobile itself, and soon, according to Sharma.

"If Dish is really serious about the wireless market it has to make a move in the next six months. Otherwise, as time goes on, SoftBank's positioning to acquire T-Mobile becomes stronger," Sharma said. He thinks Dish knows this and sparked bidding wars for Sprint and Clearwire just to make SoftBank pay more for its entry into the U.S.

Having put together a $25.5 billion bid for Sprint, Dish could probably afford to buy the smaller T-Mobile. But even if it did, Sharma thinks the buyouts wouldn't end there. Most countries' mobile industries consolidate down to three main players, and the U.S. is likely to follow suit, he said. In time, Sprint might turn the tables on its former suitor and buy out the combined Dish and T-Mobile.

Dish also has another asset that might come into play in a partnership or acquisition, according to analyst Tim Farrar of TMF Associates. That's the satellite dishes on top of current Dish subscribers' homes.

Leveraging current gear for its next play

Here's how those might come into play, according to Farrar:

Dish's AWS-4 spectrum would be hard to use for service directly to cellphones because other carriers don't use it, he said. "Dish doesn't want to have to go and pay Apple to put AWS-4 on the next iPhone," Farrar said.

Instead, Dish could use that spectrum for a fixed wireless broadband service to the homes of its current subscribers, which they would receive on a modified version of the satellite dishes they already have on their roofs. Equipped with an added antenna for the new service, those dishes could receive signals from large AWS-4 cell towers placed five to eight miles apart, Farrar said.

Clearwire tried a similar approach with its WiMax network and an earlier, pre-standard system, but it needed more towers because it had to penetrate walls to reach indoor modems, he said. Dish's outdoor gear is perfectly positioned, he said. "The main gain you've got is that you're outside and on the roof," Farrar said. The dishes already have coaxial cable going into the homes, so there's no need to rewire, he said.

Meanwhile, the modified dishes could also serve as small cell towers providing cellular service in the areas around homes, with the longer-range network serving as backhaul, he said. That network of small cells could either use spectrum that Dish acquired by buying a mobile operator or host the spectrum of a partner carrier. AT&T or T-Mobile might pay good money to get access to all those dishes, Farrar said.

"Even without owning a mobile company, Dish could effectively be a tower company," he said. If just 10 percent of its customers agreed to have the service operate from their roofs, Dish could offer a carrier 1.4 million new cell sites for better coverage and capacity. "It's purely an issue of finding the right partner and the right commercial deal to make this happen."

Even if none of these schemes works out, today's red-hot mobile market will probably be a winner for Dish, which bought its desirable 700MHz spectrum five years ago and persuaded the government to let it use former satellite bands for terrestrial mobile.

"If everything fails, they might just sell the spectrum," Recon's Entner said.



Review: Hover Zoom expands images without extra clicking

Hover Zoom is one of the best and most useful browser plugins in existence... provided you use the Chrome browser, as it is not available for anything else. It allows you to move your mouse over a small picture and instantly magnify it, without clicking or opening anything.

Shown here on a Facebook feed, Hover Zoom quickly shows bigger versions of thumbnail images.

This free extension from Romain Vallet works on many popular sites, including Facebook, Flickr, Reddit, and Twitter.

The automatic upsizing can get annoying when you mouse over an image by accident, though. To prevent this, you can either specify a time delay before the plugin kicks in, or you can activate the plugin by means of a keyboard shortcut only.

Note: The Download button takes you to the Chrome store, where you can install this software directly into your Chrome browser.




Global cybercrime costs billions, new estimates suggest

Cybercrime and espionage could be costing the world between $70 billion and $400 billion a year from a total global economy of $70 trillion, a new estimate by the Center for Strategic and International Studies (CSIS) has calculated.

In the context of the U.S. economy, the damage is possibly equivalent to 500,000 jobs displaced, but the McAfee-sponsored study, The Economic Impact of Cybercrime and Cyber Espionage, admits that even arriving at these numbers is liable to be defeated by a raft of imponderables.

Seeking clearer estimates

What the researchers were determined to do was calculate the negative effects using something more substantial than the unsatisfactory surveys often used by security vendors to describe cybercrime, the CSIS said.

The first context is, what do other negatives cost economies? In the U.S., for instance, car crashes cost somewhere between $99 billion and $168 billion a year, depending on which official estimate and year is used. Similarly, illegal drug trafficking is a $600 billion global industry.

Set against these vast numbers, the losses from cybercrime look less alarming although in the case of the car industry not all the costs will be losses; fixing cars and buying new ones generates income for other types of business in ways that cybercrime doesn't.

Cybercrime's main unintended economic benefit has been to prime the global security industry, the size of which is a separate topic.

What the CSIS's difficulties in coming up with accurate figures suggest is that the task might be nearly impossible. Direct effects are hard enough to model let alone indirect ones.

A second point is that using selective estimates based on surveys, wheeled out by governments in particular, is almost certainly misleading.

"We believe the CSIS report is the first to use actual economic modeling to build out the figures for the losses attributable to malicious cyber activity," said Mike Fey, executive vice president and chief technology officer at McAfee.

"Other estimates have been bandied about for years, but no one has put any rigor behind the effort. As policymakers, business leaders and others struggle to get their arms around why cyber security matters, they need solid information on which to base their actions."

Measuring missed opportunities

Or is conceiving of "costs" as losses the wrong way to approach the whole issue? The CSIS suggests that we view cybercrime losses in the same way we view losses from other activities, as something tolerated to access the benefits.

The alternative, then, is to worry less about the sums of money involved so much as the scope of the actual effects themselves. Cybercrime's damage is as much psychological as fixed in dollars.

For example, Chinese espionage and intellectual property theft might not generate huge losses for the U.S. economy per se but could still warp relative economic performance in significant ways.

"Using figures from the Commerce Department on the ratio of exports to US jobs, we arrived at a high-end estimate of 508,000 jobs potentially lost from cyber espionage," said James Lewis, co-author and CSIS director.

"As with other estimates in the report, however, the raw numbers might tell just part of the story. If a good portion of these jobs were high-end manufacturing jobs that moved overseas because of intellectual property losses, the effects could be more wide ranging," he said.

What is clear is that whatever it is costing, cybercrime didn't exist 15 years ago and its rapid rise must be having some effect. A 2012 report from Moscow-based Group-IB found that cybercrime had mushroomed during 2011 into a $12.5 billion industry in terms of its income stream. Russian-speaking countries accounted for around a third of that total.



Why Internet Explorer 11 is the right browser for business

Written By Unknown on Saturday, 27 July 2013 | 16.01

Today, Microsoft released a Developer Preview version of IE 11 for Windows 7. Newer doesn't always equal better, but IE 11 has some power under the hood that business users will benefit from.

To some extent, a browser is a browser. They all render and display content from the Web. However, since IE 8 Microsoft has invested significant effort and resources to push the envelope and expand the browser's capabilities. In a world where business is increasingly done online and in the cloud, it makes sense to have a browser that can deliver rich content and interactivity.

Internet Explorer 11 continues to push the envelope of what a browser is capable of.

The Internet Explorer 11 Developer Preview for Windows 7 is very similar in scope and function to its Windows 8.1 sibling. Microsoft has tweaked performance, improved support for emerging Web standards, and expanded the ability to deliver an immersive experience from within the browser.

In IE 11, JavaScript runs 50 percent faster than in Chrome. It has improved support for HTML 5 features like drag and drop that will allow cloud-based tools like Microsoft's SkyDrive and Office Web Apps to work more intuitively. IE 11 also supports WebGL for delivering smooth, 3D graphics over the Web.

A blog post from Microsoft explains some of the benefits of IE 11: "IE11 is the first browser to natively decode JPG images in real-time on the GPU, so pages load faster and use less memory, reducing power consumption and improving battery life. IE11 is also the first browser to render text on the GPU. Text and images are the heart of the Web, and accelerated text and JPG performance impacts nearly every page you see."

More and more business is done through a Web browser. The fact is, for many business users and consumers, the Web browser is by far the single most-used application on the PC.

As I said at the beginning, a browser is a browser in most scenarios. Some support protocols or formats that others don't, but as long as you're using the latest version of each they're all very similar. There's always one that can claim to be the fastest, but we're generally talking a millisecond here or there, and that torch is frequently passed among the major browsers.

There's a new Web, though—Web 3.0. Web 1.0 was about simply displaying static HTML pages. Web 2.0 introduced interactivity, user-generated content, and Web applications. Now, we're entering the Web 3.0 phase, the "intelligent Web" era of ubiquitous connectivity, data mining, and artificial intelligence.

The new Web requires new Web tools, and new Web tools need a browser capable of rendering and displaying the content. Microsoft is leading the way with Internet Explorer. You can check out Internet Explorer 11 for Windows 7 by downloading and installing the Developer Preview.



What's next for Dish after losing out on Sprint?

As the dust settles after SoftBank's US$21.6 billion acquisition of Sprint, losing bidder Dish Network may be just getting started at stirring up the U.S. mobile industry.

The satellite TV and Internet provider tried to buy Sprint and Clearwire but failed in both efforts when SoftBank closed its own deal to become the third-biggest mobile operator in the U.S. But led by an aggressive chairman and facing a lackluster satellite TV industry, Dish still has incentives to break into mobile and may do it through a new type of partnership or network, analysts say.

Mobile services and apps are growing a lot faster than TV or relatively slow, expensive satellite Internet. That's partly why Dish has amassed two chunks of land-based mobile spectrum and may be trying to scoop up more. Spectrum is the lifeblood of mobile, and Dish seems intent on becoming a player one way or another.

"If they don't have some form of a wireless play, then it's very hard for them to survive longer term," said Chetan Sharma, founder of Chetan Sharma Consulting. That's because consumers are increasingly watching video online rather than over broadcast, cable or satellite TV. In fact, the U.S. consumer satellite industry may soon shrink, with Dish possibly acquiring DirecTV, analysts say.

Dish has two kinds of spectrum that are approved for commercial mobile use: a block of frequencies it bought in the FCC's 700MHz auction in 2008, and the so-called AWS-4 frequencies it acquired by buying two bankrupt satellite companies in 2011. If Dish succeeds in buying another bankrupt satellite company, LightSquared, it would have yet another set of frequencies it might be able to use for cellular services. Dish Chairman Charlie Ergen reportedly has already bought a large part of LightSquared's debt, and Dish is now offering $2.2 billion for the company.

But in the cellular world, Dish isn't likely to build its own network, a project that would cost billions and might take years. Instead, the company will probably keep trying to buy or partner with an existing operator, analysts say. That would be a quicker and cheaper way to put its frequencies to work, which the company will have to do in order to keep its spectrum licenses.

An existing carrier could add equipment for Dish's spectrum to its cell sites and then offer new devices to its customers to take advantage of those bands. Dish's video business could also be a plus, with opportunities to bundle or cross-promote it with mobile services.

"The logical next step for Dish would be to partner with a service provider like T-Mobile to build out in their spectrum," said Phil Marshall of Tolaga Research. Though AT&T is also considered a candidate to work with Dish, analysts say fourth-place T-Mobile is the most likely candidate because it has the most to gain.

However, if it's looking to make a deal, Dish doesn't hold all the cards. Sprint is now bigger and richer than it used to be, but it still has only about half as many customers as its bigger rivals. Some analysts expect Sprint to make a grab for T-Mobile, finally making Sprint a powerhouse to truly rival AT&T and Verizon Wireless. A behemoth like that wouldn't need Dish's spectrum.

To head off that possibility, Dish is likely to bid for T-Mobile itself, and soon, according to Sharma.

"If Dish is really serious about the wireless market it has to make a move in the next six months. Otherwise, as time goes on, SoftBank's positioning to acquire T-Mobile becomes stronger," Sharma said. He thinks Dish knows this and sparked bidding wars for Sprint and Clearwire just to make SoftBank pay more for its entry into the U.S.

Having put together a $25.5 billion bid for Sprint, Dish could probably afford to buy the smaller T-Mobile. But even if it did, Sharma thinks the buyouts wouldn't end there. Most countries' mobile industries consolidate down to three main players, and the U.S. is likely to follow suit, he said. In time, Sprint might turn the tables on its former suitor and buy out the combined Dish and T-Mobile.

Dish also has another asset that might come into play in a partnership or acquisition, according to analyst Tim Farrar of TMF Associates. That's the satellite dishes on top of current Dish subscribers' homes.

Here's how those might come into play, according to Farrar:

Dish's AWS-4 spectrum would be hard to use for service directly to cellphones because other carriers don't use it, he said. "Dish doesn't want to have to go and pay Apple to put AWS-4 on the next iPhone," Farrar said.

Instead, Dish could use that spectrum for a fixed wireless broadband service to the homes of its current subscribers, which they would receive on a modified version of the satellite dishes they already have on their roofs. Equipped with an added antenna for the new service, those dishes could receive signals from large AWS-4 cell towers placed five to eight miles apart, Farrar said.

Clearwire tried a similar approach with its WiMax network and an earlier, pre-standard system, but it needed more towers because it had to penetrate walls to reach indoor modems, he said. Dish's outdoor gear is perfectly positioned, he said. "The main gain you've got is that you're outside and on the roof," Farrar said. The dishes already have coaxial cable going into the homes, so there's no need to rewire, he said.

Meanwhile, the modified dishes could also serve as small cell towers providing cellular service in the areas around homes, with the longer-range network serving as backhaul, he said. That network of small cells could either use spectrum that Dish acquired by buying a mobile operator or host the spectrum of a partner carrier. AT&T or T-Mobile might pay good money to get access to all those dishes, Farrar said.

"Even without owning a mobile company, Dish could effectively be a tower company," he said. If just 10 percent of its customers agreed to have the service operate from their roofs, Dish could offer a carrier 1.4 million new cell sites for better coverage and capacity. "It's purely an issue of finding the right partner and the right commercial deal to make this happen."

Even if none of these schemes works out, today's red-hot mobile market will probably be a winner for Dish, which bought its desirable 700MHz spectrum five years ago and persuaded the government to let it use former satellite bands for terrestrial mobile.

"If everything fails, they might just sell the spectrum," Recon's Entner said.

Stephen Lawson covers mobile, storage and networking technologies for The IDG News Service. Follow Stephen on Twitter at @sdlawsonmedia. Stephen's e-mail address is stephen_lawson@idg.com



Drone show attendees flock to new $700 model

3D Robotics gave a sneak preview of a comparatively cheap consumer drone at an unmanned aircraft convention in San Francisco this week.

The company's new quadcopter, or four-rotor helicopter, can be controlled from a tablet running an Android flight system or other similar app. The as-yet-unnamed drone will cost about US$700 and is aimed at an audience of hobbyists, even wedding photographers, who could attach a camera to the front and get sweeping shots from the sky.

You can see an IDG News Service video of 3D Robotics engineers flying two drones here.

"I think the bigger market is people who just want to do stuff, regular people like you or I," said Brandon Basso, a research and development engineer at 3D Robotics.

Some people attending the conference were there to learn how to implement drones for search and rescue.

"I'm not saying that a person can be replaced in the cockpit yet, but you can fly some of these (drone) missions at about a tenth of the cost, and you can fly them in weather where a human pilot wouldn't be out," said Colin Loring, a volunteer search and rescue pilot from Greenville, S.C. He intends to buy a drone for his group within a few months.

Larger commercial-sized drones were displayed but not flown at the convention. Drone maker MLB brought its V-Bat UAV vertical take-off and landing drone, as well as the Super Bat, which is made of Kevlar and has cameras with target tracking and 20X zoom lenses. Prices for those drones start around $120,000.

A national drone convention is slated for Aug. 12-15 in Washington, D.C. The California event's organizers say it's possible that the D.C. meeting will have protestors demonstrating outside against military applications of drones.



Apple in China recommends use of official power adapters for iPhone

Written By Unknown on Friday, 26 July 2013 | 16.01

Apple is advising its customers in China to use the company's official USB power adapters when recharging their devices, as police continued on Friday investigations into the death by electrocution of a local woman that may be linked to an iPhone.

The company has updated its China-based website to include a new page detailing the company's different USB power adapters.

"Apple has always put user's security first, and as a result all our products have gone through rigorous security and reliability testing," the page said. "They are also designed in compliance with government safety standards around the world."

The company posted the page about two weeks after a 23-year-old woman named Ma Ailun had been found dead by electrocution. Family members suspect Ma's recharging of her iPhone may have caused her death, according to local Chinese reports.

Apple has said it is investigating the matter and is cooperating with authorities. The company did not immediately comment on Friday.

Internet users in China have expressed their suspicions that Ma may have been using a third-party power adapter with her iPhone. News video footage of the evidence in the case showed an iPhone 4 with visible burn marks on the side, along with what appears to be a USB power adapter not built by Apple.

Local police on Friday said they are still working on the case, without providing further details.



Open-source project, Crypton, seeks to make encryption easier

An open-source software project aims to give software developers a simple way to wrap encryption into their applications to thwart online surveillance efforts.

The project, called Crypton, comes from SpiderOak, a company known for its Dropbox-like online storage and synchronization service. SpiderOak differentiates itself by encrypting data in such a way that none of its employees can access it, unlike Dropbox, where a few employees do have limited access to some kinds of data.

Crypton started out as an internal tool that SpiderOak needed for some of its other software projects, said CEO Ethan Oberman. The company wanted a way for data to be securely encrypted without the need for users to download a separate program.

SpiderOak also wanted to create an easy way for application developers to utilize encryption, which can be notoriously complex and prone to implementation errors.

"We wanted to develop more of a privacy platform that other developers and companies could use to integrate privacy in their applications without having to be cryptographers," Oberman said. "We want people to understand the power of privacy and understand it is not an interference and not an inhibitor to product development."

Crypton is essentially a framework that allows applications to encrypt data within a web browser before it is sent to a remote server.

Advancements in web browsers over the last few years have made Crypton possible. The JavaScript engines in web browsers are much more powerful and can handle intensive encryption tasks such as generating the key needed to lock and unlock encrypted data, Oberman said.

Users have peace of mind that even if a company was subpoenaed by a court, the company would not be able to decrypt the data, making it useless, Oberman said. The encryption keys remain on a user's computer.
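The approach described above (encrypt in the browser, keep the key on the user's machine, send only ciphertext), shown as an added example using the standard Web Crypto API rather than Crypton's own API, which the article does not show. The passphrases, iteration count, sample note and the in-memory `fakeServer` are assumptions made for the illustration.

```javascript
// Added example: client-side encryption before upload, using the Web Crypto API.
// In a browser `crypto` is window.crypto; the fallback covers older Node.js.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;

const PBKDF2_ITERATIONS = 600000; // assumption: tune to your own latency budget

const toB64 = (bytes) => btoa(String.fromCharCode(...bytes));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// Derive an AES-256-GCM key from a passphrase. The key object is
// non-extractable, so script code cannot export the raw key bytes.
async function deriveKey(passphrase, salt) {
  const material = await wc.subtle.importKey(
    'raw', new TextEncoder().encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: PBKDF2_ITERATIONS },
    material,
    { name: 'AES-GCM', length: 256 },
    false,
    ['encrypt', 'decrypt']);
}

// Encrypt locally; only the IV and ciphertext are meant to leave the client.
async function encryptForUpload(key, plaintext) {
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh IV per message
  const ct = await wc.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(plaintext));
  return { iv: toB64(iv), ciphertext: toB64(new Uint8Array(ct)) };
}

// Decrypt after download. AES-GCM authenticates the data, so a wrong key
// or a modified ciphertext makes this reject instead of returning garbage.
async function decryptAfterDownload(key, record) {
  const pt = await wc.subtle.decrypt(
    { name: 'AES-GCM', iv: fromB64(record.iv) }, key, fromB64(record.ciphertext));
  return new TextDecoder().decode(pt);
}

// Hypothetical stand-in for the remote service: it stores whatever it is sent.
const fakeServer = new Map();

async function demo() {
  const note = 'meet at 10:00'; // constructed sample data
  const salt = wc.getRandomValues(new Uint8Array(16));
  const key = await deriveKey('correct horse battery staple', salt);

  // What the client uploads: salt, IV and ciphertext. No key, no plaintext.
  const record = { salt: toB64(salt), ...(await encryptForUpload(key, note)) };
  fakeServer.set('note-1', JSON.stringify(record));

  // Later: download, re-derive the key from the passphrase, decrypt locally.
  const stored = fakeServer.get('note-1');
  const fetched = JSON.parse(stored);
  const sameKey = await deriveKey('correct horse battery staple', fromB64(fetched.salt));
  const roundTrip = await decryptAfterDownload(sameKey, fetched);

  // Someone holding only the stored record and a guessed passphrase fails.
  const wrongKey = await deriveKey('guess', fromB64(fetched.salt));
  const wrongPassphraseRejected = await decryptAfterDownload(wrongKey, fetched)
    .then(() => false, () => true);

  return {
    roundTrip,
    serverSeesPlaintext: stored.includes(note),
    wrongPassphraseRejected,
  };
}

demo().then((result) => console.log(result));
```

The guarantee rests on the JavaScript the server delivers being trustworthy: a service that serves altered script can capture the passphrase before any encryption happens.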

The same approach is being used by Mega, the online storage service from Kim Dotcom that succeeded his controversial Megaupload service.

How secure data is from prying eyes and spies has become increasingly discussed after extensive U.S. government surveillance programs were revealed in June by former NSA contractor Edward Snowden.

"There are portions of our digital lives or our documents or things that are important to us that we do really want to retain privacy over," Oberman said.

SpiderOak plans to use Crypton for a secure instant messaging application and collaboration program it is working on, Oberman said. Crypton will work with desktop, web and mobile applications.

An early version of the code is on GitHub, and a more complete version should be available in about six weeks. SpiderOak plans to license it under the AGPL version 3, which allows people to use Crypton for open-source projects for free.

If a company wants to build a closed-source commercial service with Crypton and not contribute code changes back to the community, it can choose to pay SpiderOak a license fee, Oberman said.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk



Apple's smartphone market share drops to three-year low

Apple's share of the smartphone market dropped in the second quarter to its lowest level in three years, research firm Strategy Analytics said.

The share of the iPhone slipped to 13.6 percent in the quarter from 16.6 percent in the same quarter last year. The largest vendor, Samsung Electronics, however, saw its share soar to over 33 percent from over 31 percent in the same period. Samsung shipped over two times the number of smartphones Apple did in the quarter, Strategy Analytics said.

Apple is at risk of being trapped between 3-inch Android smartphone models at the low end and 5-inch Android models at the high end, the research firm said Thursday. The market share of the iPhone in the second quarter was the lowest since the second quarter of 2010, it added. In contrast, Samsung saw strong demand in China and other countries for its flagship Galaxy S4 device, which helped increase volumes.

Sales of the iPhone hit 31.2 million in the April to June quarter, a record for the period, Apple said earlier this week. It had sold 26 million phones in the same quarter last year.

Overall, smartphone shipments grew 47 percent year-on-year to reach a record of 230 million units in the second quarter of 2013, Strategy Analytics said. LG had a share of 5.3 percent, while ZTE had 5 percent and Huawei Technologies had 4.8 percent of the smartphone market. The research firm listed other vendors as together having a share of 38.2 percent in the quarter.

IDC reported Thursday a 52.3 percent growth in the smartphone market with 238 million units shipped in the second quarter. Buyers may have postponed iPhone purchases expecting the launch of a next-generation device in the fall, it added. Apple's sales could accelerate globally if it launches a lower-cost iPhone and continues to penetrate prepaid markets in the quarters to come, IDC said.

The worldwide mobile phone market grew 6 percent year-over-year in the second quarter of 2013 to over 432 million units, according to IDC. Strategy Analytics said shipments reached 386 million units, an increase of 4 percent year-on-year.

The research firms did not immediately comment on the reason for the variations in their estimates.

Nokia's share dropped in the handset market to 15.8 percent as its shipments fell 27 percent to about 61 million in the second quarter, said Strategy Analytics. The Finnish vendor was hit by "fading Symbian smartphone volumes and lackluster feature phone demand," as it continued to struggle in the big three markets of China, U.S. and India, the research firm said.

John Ribeiro covers outsourcing and general technology breaking news from India for The IDG News Service. Follow John on Twitter at @Johnribeiro. John's e-mail address is john_ribeiro@idg.com



How to Evaluate Moving Legacy Mission-Critical Apps to the Cloud

Written By Unknown on Thursday, 25 July 2013 | 16.01

Many enterprises are now planning to move a significant portion of their infrastructure to the cloud, says Dave LeClair, senior director of strategy at Stratus Technologies, a specialist in high availability solutions.

A recently released survey conducted by Stratus, North Bridge Venture Partners and GigaOM Research found that 75 percent of firms are now reporting the use of some sort of cloud platform, and the worldwide addressable market for cloud computing will reach $158.8 billion by 2013, an increase of 126.5 percent from 2011.

"Enthusiasm for the cloud continues to grow, moving beyond historical concerns such as security," LeClair says. "But, what is also clear from this year's results is for cloud adoption to continue accelerating beyond its current pace, companies are going to be looking to vendors to enable always-on infrastructures that support their more critical business applications in this new environment."

Companies need to take a hard look at which applications they are putting in the cloud, then, consider what's involved in managing this shift from a resource, skillset, cost and complexity standpoint, LeClair says. "We know first-hand these considerations are not a one-size-fits-all answer and rewriting applications for the cloud will not be the solution in many cases."

Availability an issue for mission-critical apps in the cloud

The value proposition of moving applications to the cloud seems clear: It can vastly improve agility and the scalability of applications. In many cases, your mission-critical applications stand to benefit the most from cloud infrastructure. But availability remains the bugbear, LeClair says.

Clouds are architected for scale and elasticity, LeClair says. Individual cloud components may fail and not get replaced. Unless your application is designed to work around these failures with the architecture of the workload, you might run into a serious problem, he says.

"We're seeing a lot of basic applications moved over," he says. "We're seeing new applications being built in a cloud environment. But we're not seeing a lot of tier 1 applications moving over."

The high price of downtime of mission-critical apps

Downtime of a mission-critical application paralyzes a business. Just before Thanksgiving last year, for example, United Airlines suffered a nationwide glitch in the software that controls its ground operations, which caused a two-hour outage. That, in turn, caused United passenger delays and missed flights across the country. And on Christmas Eve, a malfunction in Amazon's AWS cloud infrastructure kept Netflix from streaming content to millions of customers just as they were sitting down to watch their favorite shows and movies.

According to research by the Aberdeen Group, the estimated average cost of downtime is now $138,888 per hour.

"Over 50 percent of IT decision makers want to have less than 30 minutes of downtime a year," LeClair says. "They're actually not getting anything close to that [in the cloud]. They're actually getting two 9s availability today. What they're asking for is four 9s or five 9s."

In the end, LeClair says, certain applications may simply never migrate to the cloud because the expense and risk doesn't justify it. They'll remain in bare metal, or even virtualized, noncloud environments. These applications may require dedicated hardware for performance or functionality reasons. Or perhaps regulatory compliance demands locked-down, secure environments.

Enterprises will have to evaluate each application case-by-case to determine whether it's best-suited to a physical environment, virtualized environment, private cloud, public cloud or hybrid cloud, he says. In every case, trade-offs will be required.

Three important availability considerations

The first step to take when considering any application deployment, LeClair says, is to evaluate the cost of downtime.

"Whether you're looking at a cloud-based opportunity or an on-premises opportunity, we really recommend that you know the cost of downtime of your applications," he says. "The cost of downtime can be measured in dollars, reputational damage - it can even be measured in loss of lives in the case of public safety applications. This lets you understand the level of availability you actually need to apply to these applications and how best to deploy them."

If you do decide to go the service provider route, LeClair says it's vital to examine the service level agreements (SLAs) closely to determine what actually happens if you don't get the availability you're promised.

"Some SLAs may say things like, 'we guarantee 100 percent uptime,' but look at the actual contract details," he says. "It might say, 'If we fail to meet that, we'll give you a 20 percent credit on next month's bill.' A typical tier 1 application may cost you $150,000 per hour of downtime and you're going to credit me 20 bucks? Great. The solutions need to be guaranteed at a much stronger level."

He notes that Stratus offers a $50,000 guarantee if customers suffer any downtime at all.

LeClair says it's also essential to consider data protection.

"It's one thing to protect the application at the transaction layer, but you also need to consider other kinds of downtime that can occur," he says. "What happens if a tsunami takes down my entire building? How far back do I need to back up my data?"

 



U.S. lawmakers vote against reining in NSA phone records collection

The U.S. House of Representatives Wednesday narrowly rejected an effort to stop the National Security Agency from collecting millions of U.S. residents' telephone records.

Late in the day, the House rejected a bipartisan amendment, with more than 30 co-sponsors, that would have prohibited the NSA from bulk collection of phone records from U.S. carriers and cut off funding for the phone records collection program as currently designed.

The amendment, considered as part of the Department of Defense Appropriations Act, would have allowed the NSA to continue collecting phone records of suspects, but only when relevant to an antiterrorism investigation. The NSA is part of the Defense Department.

House members who supported the amendment voted to "oppose the suspicionless collection of every American's phone records," said Representative Justin Amash, a Michigan Republican and chief sponsor of the amendment.

President Barack Obama's administration opposed the Amash amendment, saying it would take away a valuable antiterrorism tool, but libertarian-leaning Republicans and liberal Democrats teamed up to make the vote close. The final vote on the Amash amendment was 205 for and 217 against.

Opponents of the amendment argued it would kill a program the NSA has used to stop dozens of terrorist attacks. The amendment would "handcuff America and our allies," Representative Michele Bachmann, a Minnesota Republican, said.

The amendment would have ended the phone records collection program, added Representative Tom Cotton, an Arkansas Republican. "It blows it up," he said.

Supporters argued the amendment would allow the phone records collection program to continue on a more limited basis. Before collecting phone records, the NSA should get a specific court-ordered warrant, or "stay out of our lives," said Representative Ted Poe, a Texas Republican.

The House also voted overwhelmingly to approve another NSA amendment, from Representative Richard Nugent, a Florida Republican, that would largely restate the rules under which the NSA currently operates. The Nugent amendment would bar the NSA from using funds to target U.S. residents in an Internet surveillance program that currently focuses on foreign suspects.

Nugent's amendment would also prohibit the NSA from storing the content of communications in the telephone records collection program, but the NSA has said it is not collecting the contents of telephone calls under the program.

Groups on both sides of the NSA debate lobbied heavily before the vote on the Amash amendment. Digital rights groups Fight for the Future and Demand Progress asked members to contact their lawmakers and ask them to vote in favor of the amendment. Several conservative groups also voiced support.



Amazon Web Services files complaint in court over CIA contract

Amazon Web Services has filed a complaint in a U.S. court after the Government Accountability Office sustained in part a protest by IBM against the award of a contract by the CIA for a cloud computing project.

IBM had challenged the evaluation of proposals and the selection decision in the award of the CIA contract for commercial cloud services to AWS in Seattle, Washington.

The bid protest complaint filed by AWS on Wednesday in the U.S. Court of Federal Claims is under seal as some of the information contained in it is under a protective order from the GAO.

"We believe strongly that the CIA got it right the first time. Providing true cloud computing services to the intelligence community requires a transformative approach with superior technology," AWS said in an emailed statement.

"We believe that the CIA selected AWS based on AWS' technically superior, best value solution, which will allow the Agency to rapidly innovate while delivering the confidence and security assurance needed for mission-critical systems. We look forward to a fast resolution so the Agency can move forward with this important contract," it added, without providing information on what AWS is asking from the court.

Amazon is seeking a response by Sept. 23 to its complaint, according to the filing. The contract to AWS is said to be worth about $600 million, according to various reports.

Five companies, including IBM, Microsoft, AT&T and Amazon, submitted proposals by closing time on July 13 last year. Protests by AT&T and Microsoft were found moot after the CIA amended its request for proposal (RFP) to remove contested mandatory qualification requirements. One unnamed company dropped out of the race.

The GAO in its ruling of June 6 said that IBM's protest was sustained because the evaluation of its price under one of the solicitation's price scenarios "was not calculated in such a way as to result in evaluation on a common basis," according to a redacted version of the ruling on the GAO website.

The GAO also found that the CIA relaxed a solicitation term only for AWS during post-selection negotiations, while rejecting a claim by IBM that the agency's evaluation of the past performance of a commercial cloud services provider improperly ignored information from news reports of service outages.

GAO recommended that the agency reopen the competition and amend the RFP as necessary to ensure that proposals "are prepared and evaluated on a common basis."

The CIA deal is important for AWS as it targets opportunities to set up clouds for governments in Europe, Australia and New Zealand.

The Amazon.com company already runs AWS GovCloud in the U.S. for government agencies, and plans to set up similar "mini-clouds" or gated configurations for governments around the world, Amazon CTO Werner Vogels said in an interview recently.



SEC charges Texas man with running Bitcoin Ponzi scheme

Written By Unknown on Wednesday, 24 July 2013 | 16.00

A Texas man was charged on Tuesday in U.S. federal court with allegedly running a Bitcoin Ponzi scheme, allegedly siphoning the virtual currency from victims to pay for rent, food and gambling.

Trendon T. Shavers of McKinney, Texas, ran the Bitcoin Savings and Trust (BTCST), an investment scheme that promised 7 percent weekly returns from bitcoin trades intended to profit from market price differences in the virtual currency, according to a news release from the U.S. Securities and Exchange Commission.

Instead, the 30-year-old Shavers, who went by "Pirate" and "pirateat40" on the popular Bitcoin Forum, is alleged to have used bitcoin investments from new investors to pay interest to early entrants to the scheme and cover withdrawals, the SEC said. He has been charged with violating parts of the Securities Act of 1933, the Securities Exchange Act of 1934 and the Exchange Act Rule.

Shavers allegedly collected 700,000 bitcoins from investors, which the SEC calculated was worth more than $4.5 million based on an average of bitcoin's market price in 2011 and last year. At Wednesday's market price, 700,000 bitcoins would be worth about $66 million.

More than 150,000 bitcoins were transferred to Shavers' personal bitcoin trading account, where he lost money in day trading, the SEC alleged. He also allegedly transferred $147,102 to his personal finance accounts, using the money to pay for rent, utilities, car expenses, food, retail purchases and gambling, the SEC alleged.

Shavers was dogged by accusations that his business was a Ponzi scheme. He denied it on the Bitcoin Forum in May 2012, and the scheme collapsed about three months later, according to the indictment.

The case, filed in U.S. District Court for the Eastern District of Texas, marks one of the first criminal prosecutions related to Bitcoin, a virtual currency launched in 2009. Bitcoin is still a very niche payment system, but it has gained steady interest, in part buoyed by wild swings in its price that garnered much media attention.

Various investment schemes promoted on the popular Bitcoin Forum over the years have been viewed with suspicion. Bitcoin transactions are irreversible, similar to using cash, and investors could be out-of-pocket if their funds disappear. Legal recourse against suspected bad actors may be difficult or impossible.

The SEC's announcement came as the agency issued an alert warning that fraudsters may use virtual currencies as part of bogus investment schemes.

"These schemes often promise high returns for getting in on the ground floor of a growing Internet phenomenon," the agency said in an advisory.



White House opposes amendment to curb NSA spying

The White House is opposed to an amendment to a defense spending bill that would limit spending on mass surveillance by the National Security Agency.

The amendment proposed by Rep. Justin Amash, a Republican from Michigan, would limit spending only to orders by the Foreign Intelligence Surveillance Court that collect phone and other data only of a person who is the subject of an investigation.

Former NSA contractor Edward Snowden disclosed through newspaper reports in June that the NSA was collecting phone metadata from Verizon customers in the U.S. as part of its surveillance, which was said to include data collected from Internet companies as well.

The authorization to the NSA to collect phone metadata in bulk was last week renewed by the FISC court. The Department of Justice has said that it has to retain the bulk data required by its counterterrorism tools, as it need not be retained by telecommunications service providers.

The administration of President Barack Obama said Tuesday that it opposes "the current effort in the House to hastily dismantle one of our Intelligence Community's counterterrorism tools." "This blunt approach is not the product of an informed, open, or deliberative process," it added.

In line with his promise in June to have a debate on the issues thrown up by the disclosures of NSA surveillance, Obama has taken several steps including his meeting with the Privacy and Civil Liberties Oversight Board, and disclosures by the office of the Director of National Intelligence, according to a statement by the White House press secretary.

The amendment proposed by Amash would limit the collection of telephone numbers dialed, telephone numbers of incoming calls, and the duration of calls to those of the person under investigation.

Google, Microsoft and other Internet companies have sought clearance from the secret FISC court to disclose aggregate numbers of requests for customer data under the Foreign Intelligence Surveillance Act and related rules. The companies were said to have provided the NSA with real-time access to content on their servers under an NSA program called Prism, which the companies have denied.

Earlier this week, the Department of Justice asked the FISC court for an extension of the time to respond to Microsoft and Google's motions before the FISC court for disclosure of aggregate data on FISA requests, stating that they needed additional time to negotiate with the two companies.

The U.S. House of Representatives is expected to vote on the amendment on Wednesday. Rights groups like the Electronic Frontier Foundation have described the Amash amendment as an important step in curbing domestic surveillance by the NSA. The White House has urged the House "to reject the Amash Amendment, and instead move forward with an approach that appropriately takes into account the need for a reasoned review of what tools can best secure the nation."

John Ribeiro covers outsourcing and general technology breaking news from India for The IDG News Service. Follow John on Twitter at @Johnribeiro. John's e-mail address is john_ribeiro@idg.com



SIM card vulnerabilities easy to fix, researcher says

A pair of severe security problems in millions of SIM cards should be easy for operators to fix, according to the German security researcher who found the issues.

Karsten Nohl of Security Research Labs in Berlin previewed research earlier this week showing that millions of SIM cards are likely still using an outdated, 1970s-era form of encryption to authenticate over-the-air (OTA) software updates.

Nohl found it was possible to trick some kinds of SIM cards into divulging an encrypted 56-bit DES (Data Encryption Standard) key, which can be decrypted using a regular computer. He discovered that by sending a bogus OTA update to a phone, some SIMs returned an error code containing the weak key.

A device could then be sent spyware which accesses critical phone data through the card's Java Virtual Machine, a software framework present on almost every SIM sold worldwide.

Nohl said in an interview Tuesday that 500 million phones, regardless of make, could be vulnerable, based on his sample of 1,000 SIM cards from a variety of operators, mostly in Europe.

But the weak encryption problem and mistake of returning an error code with a weak key can be fixed in the same way it can be exploited: through an OTA update.

SIM cards come in a wide variety of configurations. Operators will send manufacturers such as Gemalto specifications for SIM cards to be used on their network. Many SIM cards carry older configurations and technology, such as DES, that date back more than a decade, Nohl said.

For some vulnerable SIMs, it may be possible to switch off the DES encryption and turn on Triple DES, a more secure form of encryption that is now used, Nohl said.

Users won't even know their phones are updated, as operators frequently use special SMS codes to send out updates that are invisible to people, for example to change roaming settings, he said. An OTA update can also fix phones that return the revealing error message.

Operators can also make a key adjustment to their SMS centers, which process all SMS messages. Since the SMS codes carrying software updates are very specific, operators can adjust their firewalls to only allow those types of codes to be sent to their users if the codes originate from their servers, Nohl said.
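The filtering rule described above, sketched as an added example that is not taken from the article or from Nohl's research: it reads the TP-PID and TP-DCS octets of an SMS-DELIVER TPDU (layout per 3GPP TS 23.040 and TS 23.038) and passes SIM-addressed messages only when they entered through the operator's own OTA platform. Treating the "very specific" SMS codes as PID 0x7F or message class 2 is an assumption, as are the ingress labels, the function names and the constructed sample messages.

```python
from dataclasses import dataclass

PID_SIM_DATA_DOWNLOAD = 0x7F  # TP-PID for (U)SIM data download, 3GPP TS 23.040

# Assumption: the ingress label is assigned by the operator's signalling layer
# (which link or platform delivered the message), never taken from the sender.
TRUSTED_OTA_INGRESS = {"ota-platform-1"}  # hypothetical platform name


@dataclass
class Header:
    pid: int
    dcs: int
    udl: int


def parse_deliver_header(tpdu: bytes) -> Header:
    """Extract TP-PID, TP-DCS and TP-UDL from an SMS-DELIVER TPDU."""
    if len(tpdu) < 2 or (tpdu[0] & 0x03) != 0x00:
        raise ValueError("not an SMS-DELIVER TPDU")
    oa_digits = tpdu[1]                 # originating address length in semi-octets
    pos = 3 + (oa_digits + 1) // 2      # skip first octet, length, type-of-address, digits
    if len(tpdu) < pos + 10:            # PID + DCS + 7-octet timestamp + UDL
        raise ValueError("truncated TPDU")
    return Header(pid=tpdu[pos], dcs=tpdu[pos + 1], udl=tpdu[pos + 9])


def message_class(dcs: int):
    """Return the message class (0-3) encoded in TP-DCS, or None if absent."""
    if (dcs & 0xF0) == 0xF0:                    # "data coding / message class" group
        return dcs & 0x03
    if (dcs & 0xC0) == 0x00 and (dcs & 0x10):   # general group with class bits valid
        return dcs & 0x03
    return None


def is_sim_addressed(h: Header) -> bool:
    # Class 2 messages are delivered to the SIM rather than shown to the user.
    return h.pid == PID_SIM_DATA_DOWNLOAD or message_class(h.dcs) == 2


def decide(tpdu: bytes, ingress: str) -> str:
    """Return 'allow' or 'block' for one message seen at the SMS firewall."""
    try:
        header = parse_deliver_header(tpdu)
    except ValueError:
        return "block"                  # fail closed on malformed input
    if is_sim_addressed(header) and ingress not in TRUSTED_OTA_INGRESS:
        return "block"
    return "allow"


def build_deliver(pid: int, dcs: int, user_data: bytes) -> bytes:
    """Construct a sample SMS-DELIVER TPDU (constructed test data, fixed sender)."""
    sender = bytes([0x0B, 0x91]) + bytes.fromhex("5155550501F0")  # 11-digit number
    timestamp = bytes(7)                                          # placeholder SCTS
    return (bytes([0x04]) + sender + bytes([pid, dcs]) + timestamp
            + bytes([len(user_data)]) + user_data)
```
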

Since so many operators are affected, Nohl said his lab contacted the GSM Association trade group, which has issued advisories, with details of the research.

Although there was potential for arguments between operators and SIM card vendors over who was to blame, "everybody was extremely constructive in working to fix the problem, and there was no pointing fingers," Nohl said.

Nohl is due to give a full presentation on July 31 at the Black Hat security conference with more details on the SIM card issues and other vulnerabilities.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk



Newer versions of LTE to make rapid advances, ABI says

Written By Unknown on Tuesday, 23 July 2013 | 16.00

Emerging technologies for 4G LTE networks are expected to make rapid advances over the next few years, helping mobile networks keep up with data growth and bringing more users worldwide into the LTE fold.

By 2018, a majority of the world's LTE subscriptions will be on networks that use either TD (time-division) LTE or features from the emerging LTE-Advanced standard, according to an ABI Research forecast released on Monday.

At the same time that mobile operators are still expanding infrastructure based on FD (frequency-division) LTE, the earliest version of the high-speed mobile system, the two more recent technologies are fast making inroads, according to ABI analyst Nick Marshall. They may dominate networks of large, outdoor "macro" cells by 2015, Marshall said.

TD-LTE uses one band of frequencies to send traffic both downstream and upstream, while FD-LTE uses separate, equal-size bands for the two directions. TD-LTE makes LTE possible in countries that license so-called unpaired spectrum. It also lets operators dedicate more capacity to downstream traffic, such as Web and video content, than to upstream traffic such as photo uploads.

LTE-Advanced is another name for Version 10 of the LTE standard. All the major U.S. operators are expected to deploy elements of it over the next few years. LTE-Advanced will include options for bundling spectrum together, reducing interference among cells and helping big cell towers coordinate with smaller cells used in crowded areas. LTE-Advanced is expected to significantly increase network speeds, but it should also lead to fewer dropped calls and better quality of service for video, Marshall said. The upgrade will also help carriers make more efficient use of their spectrum.

By 2018, 34 percent of LTE subscriptions worldwide will be on networks with LTE-Advanced technology and 24 percent will be using TD-LTE, ABI estimated. At that point, 42 percent of LTE subscriptions will still be on FD-LTE networks using the current generation of technology, Release 8/9, Marshall said. At that time, there will be a total of nearly 1.5 billion LTE subscriptions worldwide, ABI estimates.

China Mobile has garnered much of the attention on TD-LTE because of its very large-scale plans for the technology, which have included deploying more than 20,000 base stations just in a trial network. In 2011, China Mobile formed a partnership with U.S. carrier Clearwire, a TD-LTE user now wholly owned by Sprint, to help generate an ecosystem for TD-LTE equipment and devices. But carriers in many other countries, including India, Japan and the U.K., also have unpaired spectrum and are adopting the system, Marshall said.

LTE-Advanced will come to networks in several waves of new technology, starting with so-called carrier aggregation, which allows mobile operators to bundle diverse frequencies into one virtual spectrum band for higher speeds. Carrier aggregation can be a big boon to carriers and is relatively easy to deploy compared with other aspects of LTE-Advanced, Marshall said.

Other elements of LTE-Advanced are likely to follow after carrier aggregation, though it's not clear how soon, Marshall said. Here are a few of the new features:

-- CoMP (coordinated multipoint transmission/reception), a technique for reducing interference between two macro cells in the area where their signals overlap

-- eICIC (enhanced inter-cell interference coordination) for preventing interference between a macro cell and multiple small cells that are deployed in the area it covers

-- higher-order MIMO (multiple in, multiple out) antenna systems, where both cells and mobile devices could have as many as eight antennas for better connections

There are steep technical challenges that come along with some of these features, such as the need to tightly synchronize base stations, Marshall said. That will require the base stations to talk to each other directly, without going through the core of the network, so they will need faster backhaul connections. Those links may take the form of fiber or fast wireless links, he said.

Stephen Lawson covers mobile, storage and networking technologies for The IDG News Service. Follow Stephen on Twitter at @sdlawsonmedia. Stephen's e-mail address is stephen_lawson@idg.com

