Researchers create Android app to show when other apps track you

A team of researchers has developed an Android app to help people better understand when their location is being accessed, something that happens more often than people think.

"All apps that access location need to request permission from the Android platform," Janne Lindqvist [cq], who led the research project, said via email. "The problem is that people don't pay attention to these default disclosures."

Android phones display a flashing GPS icon when apps are trying to access the user's location. But few people notice or understand what the icon is telling them, the researchers found.

The app they developed is designed to fix that, by making it clearer to users when other apps are accessing their location data. They tried several methods, including a message that flashes on the device's screen reading, "Your location is being accessed by [app name]."

There's no obvious way in Android for an app to monitor whether other apps are accessing location, the researchers said, but they discovered they could exploit a method in the Android Location API as "an effective side channel."

They're are in the process of readying their app for the Play Store. It doesn't have an official name yet, but the working title is the RutgersPrivacyApp. "I'm happy to hear suggestions for a better one," Lindqvist said.

They tested the app with a small group at Rutgers University in New Jersey. They said it was the first study to examine how people respond when apps tell them they're being tracked.

The issue of apps collecting data isn't new, and recent disclosures about government surveillance have shown that intelligence agencies might also be tracking data from apps. A recent report said mobile versions of Facebook, LinkedIn and Twitter were of interest to government spies.

Other research from Carnegie Mellon University in Pennsylvania has shown that seemingly harmless apps like Angry Birds and Dictionary.com have gathered some surprising types of information about their users, like their location and device ID.

At Rugers, the researchers wanted to learn how disclosures about location affected users' attitudes towards apps. They tested the app on several Android devices, using a variety of apps including Firefox and Tunein Radio.

Participants said they were surprised at some of the apps that accessed their location, and that some apps accessed their location more frequently than they would have expected.

Lindqvist hopes to make Android users more aware of location tracking so they can make better decisions about their privacy. He would also like Google to provide better privacy controls and notices in Android.

He said he focussed on Android rather than Apple's iOS partly because the process of publishing an app in the Google Play Store is simpler, he said.

16.00 | 0 komentar | Read More

Obama selects cryptologist to head US NSA

U.S. President Barack Obama has nominated an expert cryptologist to head the National Security Agency at a time when the agency is under pressure to reform its surveillance.

The Department of Defense announced late Thursday that Navy Vice Admiral Michael S. Rogers was the president's nominee to command the U.S. Cyber Command of the military. Rogers will in addition serve as director of the NSA and chief of the Central Security Service.

The NSA has been at the center of a privacy controversy after disclosures since June last year by its former contractor Edward Snowden. The NSA's bulk collection of phone records in the U.S. has been criticized by civil rights groups, legislators and Internet companies.

The NSA has also been charged, among other things, with having access in real-time to content on servers of Internet companies, spying on leaders of other countries, and breaking into the main communication links that connect Yahoo and Google data centers around the world.

The NSA has said it needed the collection and storage of bulk data for its analysis tools to be effective, though it has filters in place to prevent unauthorized access to personal data.

Rogers will lead the NSA at a time when it is planning reforms aimed at bringing more public transparency to its operations. Earlier this month, Obama called for changes to NSA surveillance, with new privacy advocates assigned to argue for the public in the secret U.S. Foreign Intelligence Surveillance Court, and a move away from the bulk telephone records collection program, with the goal to have a new program that does not include the NSA holding onto the records.

Vice Admiral Rogers currently serves as the U.S. Fleet Cyber Command commander. If confirmed by the U.S. Senate, he will replace General Keith Alexander, who has served as the NSA director since 2005, and as the U.S. Cyber Command commander since 2010, according to the statement by the Department of Defense.

Rogers has served in many functions as a cryptologist, including leading cryptologic direct support missions aboard U.S. submarines and surface units in the Arabian Gulf and the Mediterranean.

An Obama-appointed review group on intelligence and communications technologies recommended to the president last month that the head of the military unit, U.S. Cyber Command and the director of the NSA should not be a single official, to distinguish the "warfighting role from the intelligence role." It also recommended greater civilian control over the agency, including Senate confirmation for the director and being open to having a civilian director. "NSA should refocus on its core function: the collection and use of foreign intelligence information," it added.

Rogers has the wisdom "to help balance the demands of security, privacy, and liberty in our digital age," Secretary of Defense Chuck Hagel said in a statement Thursday. The government has also appointed Rick Ledgett, a civilian, as deputy director of the NSA, according to the statement. He was heading a task force to assess the damage from the leaks by Snowden.

16.00 | 0 komentar | Read More

Yahoo buying developer of Donna personal assistant app

Yahoo has entered into an agreement to acquire Incredible Labs, the startup behind mobile personal assistant app Donna.

The Internet giant did not comment on whether it was acquiring the company for its technology or for its talent, a trend popularly known as an acqui-hire, but said that five team members from Incredible Labs will join Yahoo's communications team in Sunnyvale, California at deal close, where they will work on Yahoo Mail.

The Donna app is also being shut down. The financial terms of the deal were not disclosed. The transaction is expected to close in the next few days, Yahoo said.

"When we met with the team from Incredible Labs, it was an immediate fit," Yahoo said in a statement on Thursday. "As we look to the future, our visions are aligned in that we think technology should be smart enough to think for us."

Donna helps its users by reminding them of upcoming appointments, notifying them when to leave based on traffic, travel time, and the current location, and dialing into conference calls. "In case you haven't heard of her, Donna's pretty amazing - she has an immense amount of intellect, she keeps you on time and gives you the information you need, when you need it," Yahoo said in its statement.

But following closing, Donna will be removed from the app store and discontinued as a service, Incredible Labs said in a post on its website.

Yahoo has been on an acquisition spree, and earlier this week it said it was acquiring Tomfoolery, a startup whose key product is Anchor, an app offering group chats, file sharing, and email and voice calling for businesses. Yahoo CEO Marissa Mayer said during the company's fourth quarter earnings call that it would continue to look for opportunities for talent acquisitions.

16.00 | 0 komentar | Read More

Nintendo sticks to its console guns despite Wii U flop

Nintendo won't be abandoning hardware or licensing its game titles for use on smartphones, its President Satoru Iwata told analysts in Tokyo.

Although he bowed in apology for the company's lackluster performance and has reportedly accepted a 50 percent pay cut, Iwata said Nintendo will not abandon the hardware business, but will try to reach out to gamers through marketing on smart devices, make the most out of the struggling Wii U console, and license game characters to new partners.

Popular games like the Mario franchise will not be released on smart devices, Iwata said, adding that releasing games as they are wouldn't be the best entertainment experience for smart devices.

He qualified that remark, however, by saying he had not put any restrictions on the company's mobile content development team, and has not ruled out making games or using Nintendo's game characters.

The company's dedication to hardware and software synergies remains firm as its core business, he said.

"Since the revision to our full-year financial forecast, there have been various reports and comments about us," Iwata said in a statement, referring to the company's drab results and ensuing calls for the game giant to release titles to outside platforms. "However, we do not hold a pessimistic view of the future of dedicated video game platforms."

"Given that the competition for consumers' time and attention has become fierce, I feel that how we will take advantage of smart devices is an extremely important question to answer. However, in order to be absolutely clear, let me emphasize that this does not mean simply supplying Nintendo games on smart devices," Iwata said.

The company will take advantage of smart devices by connecting to consumers, including those who do not own Nintendo's video game systems, through smart devices to communicate the value of its entertainment offerings, and encouraging more people to participate in Nintendo platforms, he added.

Investors had few immediate cheers for his speech. Nintendo stock was down 3.5 percent in morning trading on the Tokyo Stock Exchange.

Iwata also hinted that Nintendo will pursue "non-wearable" health-monitoring technology. He offered no details other than saying the tech isn't something people would necessarily use in their living room, and that more information will be released later this year.

The company will release Mario Kart 8 globally in May for the Wii U, Iwata said, adding that worldwide sales of the NIntendo 3DS have reached 42.74 million units.

"I didn't hear anything that is going to turn Wii U around near-term," said Lewis Ward, research manager for gaming at IDC. "I think another US$50 price cut for the Wii U bundle is needed but that wasn't announced today and it may not happen at all this year."

The Wii U needs to embrace user-generated content such as the ability to play Super Mario levels cooperatively online, Ward said. "I'm sure some big news will be broken at this year's E3 event in June, but little announced on the call today seems likely to give the Wii U a big lift near-term, and this is really the part of Nintendo's business that needs a lift," he added.

Founded in 1889 to market traditional Japanese playing cards, Nintendo has been reeling amid the recent popularity of smartphones as gamers move from consoles to phone handsets.

The briefing came the day after Nintendo reported disappointing results for the October-December quarter of last year, with operating profit down 6.9 percent from a year earlier to ¥21.7 billion ($211 million). Revenue was ¥302.6 billion, down 11.5 percent from ¥342 billion.

On Jan. 17, Nintendo warned of a net loss of ¥25 billion for the year to the end of March, instead of the ¥55 billion net profit it had forecast last April.

It had posted a ¥7.1 billion net profit for the year ended March 31, 2013, but this month blamed the poor performance on sluggish sales of high-margin games during the year-end period. Disappointing hardware sales were behind that, it suggested.

The game giant slashed estimates of sales of the Wii U, launched in 2012, from 9 million units to 2.8 million for the year to the end of March 2014, and revised downward its sales projections for the 3DS console from 18 million units to 13.5 million for the same period.

It sold 2.4 million Wii U consoles in the nine months from April to December 2013, down from 3 million units a year earlier.

16.00 | 0 komentar | Read More

Intel closing down AppUp online app store

Intel is closing down its AppUp online application store as it sees a shift in the market and consumer needs.

Designed originally for netbook computers, the Intel AppUp center was first unveiled in a beta program in 2010, with plans to expand its scope to smartphones, TVs and other consumer devices that use Intel processors.

The application store aimed to help develop the market for the products, attract developers to the platform and support customers. Intel Capital, the company's venture capital arm, announced in 2011 a US$100 million AppUp fund to invest in companies developing applications and digital content for PCs and mobile devices.

But the needs of consumers have since changed and so also the market environment, an Intel spokeswoman said late Wednesday. The company is realigning to focus on cloud services for enterprises, developers and operators, she added.

Some of Intel's partners like Microsoft also offer applications for download from vastly popular online stores.

The Intel AppUp center will close March 11 as the company focuses "on developing new and exciting PC innovations that will continue to shape your world," Intel said in a brief message on its website.

In a FAQ posted to its website, Intel said that after March 11, no new content or apps will be available for download from the store. Applications will not be updated or receive notifications through AppUp after that date.

"Some of the apps in the store use a special technology which protects the app from being pirated/duplicated," Intel said. These apps will work until May 15th, 2015, as long as users have the latest AppUp client installed.

Intel is also refunding users for paid applications for the actual transaction price. The refund process will be available from Jan 28 through Dec. 19 this year.

16.00 | 0 komentar | Read More

Samsung not sanctioned over leakage of Apple documents

A court in California has decided not to sanction Samsung Electronics for the leak of confidential Apple licensing information, stating that the information had not been misused in patent negotiations.

The court has, however, asked the external counsel to reimburse costs and fees incurred by Apple and Nokia on litigating the motion and related discovery.

Magistrate Judge Paul S. Grewal of the U.S. District Court for the Northern District of California ruled Wednesday that Samsung could not have benefited from the leaked information for its license negotiations with Nokia or Ericsson, pointing out that Samsung had argued that it already knew the terms of the agreement ahead of the leak.

The court said in November that it was considering sanctions against Samsung and its lawyers in view of allegations of the suspected breach of confidential information, including information on Apple's patent licensing agreements with Nokia, Ericsson, Sharp and Philips, which were marked for viewing by the attorneys alone.

Key terms of the four patent license agreements were contained in a draft expert report on damages that was forwarded to Samsung without redaction by its external counsel Quinn Emanuel Urquhart & Sullivan.

The counsel posted the expert report on an FTP (file transfer protocol) site that was accessible by Samsung staff, and emailed instructions for accessing the site, which over 50 Samsung employees including licensing executives are said to have accessed.

Apple had provided the information to Quinn Emanuel during the discovery phase of a lawsuit in California in which Apple was awarded damages of US$1.05 billion against Samsung, later whittled down to about $930 million.

Samsung explained that Ericsson told it the terms of its license with Apple in the course of their mediations. "Given that no representative from Ericsson or anyone else has come forward to refute that assertion, the court credits the testimony and accepts this explanation," Judge Grewal wrote in his order. He said he was also not persuaded, despite Samsung's "tenuous" explanations, that the South Korean company had used the confidential information in the expert report.

With regard to Quinn Emanuel, the court found that the reimbursement of costs, in addition to the public findings of wrongdoing was sufficient "both to remedy Apple and Nokia's harm and to discourage similar conduct in the future." Quinn Emanuel will also be responsible for ensuring that all copies of the expert report "containing confidential information are deleted, erased, wiped, or otherwise permanently removed from Samsung's control within fourteen days of this order."

"It is undisputed that at some point in late March 2012, a junior associate working late one night failed to fully redact Apple's confidential license terms from an expert report," Grewal said about Quinn Emanuel's role. "One inadvertent mistake resulted in the widespread distribution of confidential information to hundreds of people who were not authorized to have access to it."

16.00 | 0 komentar | Read More

Obama touches on NSA reform in State of the Union address

U.S. President Barack Obama repeated his call to reform intelligence surveillance programs, saying U.S. intelligence agencies need the trust of people inside and outside the country, during his State of the Union speech Tuesday night.

Obama promised to work with the U.S. Congress to reform surveillance programs, presumably those at the U.S. National Security Agency exposed in the past eight months by leaker Edward Snowden. "The vital work of our intelligence community depends on public confidence here and aboard, that privacy of ordinary people is not being violated," Obama said.

The president's remarks on surveillance reform were brief, but seemed to track with his call last week to reform NSA programs.

Obama also addressed a handful of other issues related to the tech industry. He called for patent reform, saying Congress needs to allow U.S. businesses to innovate instead of facing "costly and needless" patent lawsuits. Many lawmakers have pushed for legislation that would make it more difficult for so-called patent-assertion entities, firms that have patent lawsuits as their primary business models, to sue other businesses.

Michael Beckerman, president and CEO of trade group The Internet Association, applauded Obama's call for patent reform. "The days of patent trolls ... terrorizing innovative and hard-working businesses are numbered," he said by email. "American businesses large and small are cheering the president's call tonight. Abuse of the broken patent system by patent trolls hurt main street businesses, as well as the Internet industry."

Obama also called on Congress to pass immigration reform. Many large technology companies have called for more high-skill immigration visas, but Obama's remarks focused largely on illegal immigration issues.

Obama also praised the U.S. Federal Communications Commission, Apple, Microsoft, Sprint and Verizon Communications for pushing for higher speeds of broadband in the nation's schools. The companies will help to connect more than 15,000 schools to faster broadband within two years, he said.

FCC Chairman Tom Wheeler said the agency's E-Rate program bring better broadband to schools.

"Harnessing the power of digital technology is central to improving our education system and our global competitiveness," he said in a statement. "In the Internet age, every student in America should have access to state-of-the-art educational tools, which are increasingly interactive, individualized and bandwidth-intensive."

16.01 | 0 komentar | Read More

FileZilla warns of large malware campaign

Spoofed versions of the popular file transfer program FileZilla that steal data are circulating on third-party websites, the organization behind the software said Tuesday.

FileZilla is an open source application, and hackers have taken its source code and modified it in order to try to steal data for more than a decade. But this campaign, run on third-party websites, is one of the largest FileZilla has seen to date, it said.

"We do not condone these actions and are taking measures to get the known offenders removed," FileZilla said.

The organization said it is difficult to prevent tainted versions of its software "since the FileZilla Project promotes beneficial redistribution and modifications of FileZilla in the spirit of free open source software and the GNU General Public License."

The security vendor Avast found that the modified versions are nearly identical to the legitimate application. The icons, buttons and images are the same, and the malware version of the ".exe" file is just slightly smaller than the real one, Avast wrote on its blog.

Inside the tampered FileZilla versions, Avast found code that steals login credentials for servers users are accessing. The username, password, FTP server and port are encoded using a custom base64 algorithm and sent to the attacker's server, according to Avast.

"The whole operation is very quick and quiet," Avast wrote.

The stolen data goes to a server in Germany. The same IP address of that server hosts three other domains registered through Naunet.ru, which Avast wrote "is associated with malware and spam activities."

FileZilla recommended its application be downloaded only from its website or SourceForge, one of its distribution partners. It also recommended to check the SHA-512 hashes of the unmodified version of FileZilla's installer and executable, which it has published on its blog.

16.01 | 0 komentar | Read More

Google ordered to pay royalty on AdWords revenue to Vringo

Google has been ordered by a court in Virginia to pay royalty to I/P Engine for infringing some claims of two of its patents through the AdWords advertising system.

District Judge Raymond A. Jackson of the U.S. District Court for the Eastern District of Virginia, Norfolk division decided Tuesday that I/P Engine, a patent licensing subsidiary of Vringo, should be paid an ongoing royalty rate of 6.5 percent on a part of AdWords revenue.

Google had earlier argued that it had redesigned AdWords, and functions of the system that I/P Engine held to be infringing had been removed even before the entry of judgment. It held that if royalties were warranted, it should be in a lump sum, according to court records.

But the judge ruled earlier this month that the modified system was "nothing more than a colorable variation of the system adjudged to infringe." The judge also ordered the parties to meet to negotiate an appropriate ongoing royalty rate.

Google, which has already appealed the court's decisions in the U.S. Court of Appeals for the Federal Circuit, is planning to appeal the royalty award as well. "We believe strongly in our pending appeal in this matter, and we anticipate seeking Federal Circuit review of today's decision as well," Google's patent counsel Jennifer Polse said in a statement Tuesday.

The lawsuit dates back to Sept. 15, 2011, when I/P Engine filed a complaint against AOL, Google, Target and others, alleging that the defendants had infringed two of its patents through the AdWords search advertising system which the companies were using.

The two patents—U.S Patent no. 6,314,420 entitled "Collaborative/adaptive search engine" and Patent No. 6,775,664 entitled "Information filter system and method for integrated content-based and collaborative/adaptive feedback queries"— relate to relevance filtering technology used in search to place advertisements in the best positions. They were acquired from Lycos, one of the earliest participants in the search engine industry.

On Nov. 6, 2012, a jury reached a verdict finding that Google and the other defendants had infringed the asserted claims of the two I/P Engine patents. The jury awarded I/P Engine US$30.5 million in damages without interest, and a running royalty rate of 3.5 percent instead of a lump sum. In an order this month, the District Court ordered that I/P Engine recover an additional sum of $17.32 million from the defendants for supplemental damages and prejudgment interest.

I/P Engine has been awarded the royalty rate of 6.5 percent, after it asked for an increase in the royalty rate awarded by the jury. In August, the court entered an order finding that I/P Engine was entitled to an ongoing royalty with a royalty base of 20.9 percent, and that royalty payments should be made on a quarterly basis. The royalty base is that part of AdWords revenue that can be attributed to the infringing features. The effective rate of royalty on AdWords revenue is hence likely to be about 1.36 percent.

16.01 | 0 komentar | Read More

Global smartphone shipments topped 1 billion in 2013

If you had any doubts about the popularity of smartphones, new numbers suggest they've notched a significant milestone. The global smartphone market topped 1 billion shipments for the first time in 2013, covering about one-seventh of the world's population, according to research by IDC.

Smartphone shipments were up 38.4 percent in 2013 from 725 million units in the previous year, according to data from IDC's Worldwide Quarterly Mobile Phone Tracker.

In 2013, there were 1.82 billion mobile phones shipped, which includes smartphones, an increase of 4.8 percent from 1.73 billion in 2012.

Samsung continued its dominance in 2013 with 31.3 percent market share in smartphones compared to Apple's 15.3 percent. The top two vendors were followed by Huawei at 4.9 percent, LG at 4.8 percent, and Lenovo at 4.5 percent, according to IDC.

"Among the top trends driving smartphone growth are large screen devices and low cost," Ryan Reith, program director with IDC's Worldwide Quarterly Mobile Phone Tracker, said in a release on Monday.

"Of the two, I have to say that low cost is the key difference maker. Cheap devices are not the attractive segment that normally grabs headlines, but IDC data shows this is the portion of the market that is driving volume. Markets like China and India are quickly moving toward a point where sub-US$150 smartphones are the majority of shipments, bringing a solid computing experience to the hands of many."

The IDC numbers, released the day Apple reported record-high sales of 51 million iPhones in the quarter to Dec. 28, are roughly in line with data from another research firm, Strategy Analytics.

It pegged 2013 global smartphone shipments at a record-high 990 million units, up 41 percent from over 700 million in 2012. The rate of growth was down slightly from 43 percent in 2012 due to the already high penetration in big markets like the U.S., the research firm said.

The market shares it reported roughly matched those from IDC, with Samsung at 32.3 percent, Apple at 15.5 percent, Huawei at 5.1 percent, LG at 4.8 percent and Lenovo at 4.6 percent.

"Samsung and Apple together accounted for almost half of all smartphones shipped worldwide in 2013," Linda Sui, senior analyst at Strategy Analytics, said in a release.

The two companies kept their grip of the market by large marketing budgets, extensive distribution channels and attractive product portfolios, but there is now more competition coming from second-tier smartphone brands, Sui said. Huawei, LG and Lenovo each grew their smartphone shipments around two times faster than the global industry average and captured a combined 14 percent market share, according to Sui.

"Huawei is expanding swiftly in Europe, while LG's Optimus range is proving popular in Latin America, and Lenovo's Android models are selling at competitive price points across China. Samsung and Apple will need to fight hard to hold off these and other hungry challengers during 2014," Sui said.

16.01 | 0 komentar | Read More

Microsoft cloud server designs for Facebook's Open Compute Project

Microsoft is contributing the designs of the cloud servers that run some of its services like Bing and Windows Azure to the Open Compute Project, in a bid to help standardize and reduce hardware costs.

The Redmond, Washington, tech company is also contributing system management source code to the project. It said it aimed to create an open source software community in the Open Compute Project.

By promoting its hardware specification in the data center, Microsoft could be looking for an opportunity for its server software as against Linux which has been the favorite of many Web companies.

"My belief is that they are trying to have a voice in a community that they haven't had a voice before," said Patrick Moorhead, founder and president of research firm Moor Insights & Strategy. The Open Compute Project is largely geared towards open source and doing things yourself, which goes against Microsoft's business model of proprietary software and paid services, he said.

By joining the Open Compute Project, it is unlikely that Microsoft will win over Web companies to its own server software, Moorhead said.

The Microsoft servers offer improvements over traditional enterprise server designs, including up to 40 percent server cost savings, 15 percent power efficiency gains and 50 percent reduction in deployment and service times, Bill Laing, corporate vice president for cloud and enterprise at Microsoft, said in a blog post Monday.

The server designs are also expected to be environment friendly as they reduce network cabling by 1,100 miles (1,770 kilometers) and metal by 10,000 tons across Microsoft's base of 1 million servers.

Microsoft looks forward to commercial offerings in the near future from its partners who develop products for the company based on the specifications, said Kushagra Vaid, general manager for server engineering at Microsoft, in a blog post.

Initiated by Facebook to drive down the cost of the hardware it uses, the Open Compute Project is a collaborative project that aims to share specifications and best practices for making hardware designs more efficient and innovative. Its goal is to develop servers and data centers following a model traditionally associated with open source software projects. The Open Compute Project Foundation has executives of tech companies like Intel and Rackspace, and user company Goldman Sachs on its board.

Facebook said in August that the Open Compute Project, for example, is working on an open network switch design for Internet data centers.

"The Microsoft cloud server specification essentially provides the blueprints for the datacenter servers we have designed to deliver the world's most diverse portfolio of cloud services," Laing said. Microsoft and Facebook are the only cloud service providers to publicly release the server specifications, he added.

Microsoft manages data centers with an installed base of over 1 million servers, and delivers more than 200 services for over 1 billion customers and more than 20 million businesses in over 90 markets, which requires attention to several system design principles, such as simplicity, modularity of the design and supply chain agility, Vaid said.

Microsoft Open Technologies, a Microsoft subsidiary focused on open standards and open source, is also releasing an open source reference implementation of the Chassis Manager specification. The code is already available on the GitHub code-sharing repository, and offers functions such as server diagnostics, and fan and power supply control.

The move by Microsoft comes ahead of a two-day Open Compute Summit in San Jose, California, that starts Tuesday. Laing is scheduled to deliver a keynote on the first day at the summit, when he will announce that Microsoft is joining the Open Compute Project.

Microsoft may be joining the Open Compute Project to better understand the community ahead of Linux and the do-it-yourself mentality spreading to the enterprise market, Moorhead said. It will give the company an opportunity to better understand the way the community functions and the best practices, he added.

16.01 | 0 komentar | Read More

Dell KACE upgrade deploys OS upgrades to 250 devices, simultaneously

With Microsoft's deadline for the end of Windows XP support looming ever larger, Dell's KACE division launched a new version of its deployment appliance that can upgrade 250 PCs simultaneously.

Version 3.6 of the Dell KACE K2000 deployment appliance adds multicasting, allowing the appliance to rapidly deploy new operating systems and applications. The same image is transferred to multiple clients just once over the network. The apppliance itself can manage up to 100 nodes, and supports Android, iOS, various Microsoft Windows OSes plus Mac OS as well. 

A new task engine allows the appliance to manage installations that require multiple reboots, allowing buyers of the $4500 appliance to perform "lights-out" operations at off hours. The appliance remains the same; existing customers can also download the 3.6 upgrade for free, Dell said.

Dell

The Dell KACE deployment center provides a snapshot of recent activity.

Although the KACE appliance is aimed more at IT managers than business employees, both groups of people will benefit.

Microsoft has said previously that it will end support for Windows XP this April, after which it will no longer issue updates to the software—should hackers determine a vulnerability in XP after the April deadline, it will never be patched. But sources close to Microsoft have also indicated that its Microsoft Software Removal Tool will remain active until July 2015, and Microsoft has also said that it will update its Microsoft Security Essentials through July 14, 2015 as well. That's led some to speculate that Microsoft may eventually throw up its hands and push the Windows XP's end-of-life support date to July 2015 as well.

Until then, however, Dell is busy encouraging users to use its deployment appliance as a stopgap to solve the problem of rapid deployment, whether it be to Windows 8 or Windows 7.

"I know we've had a lot more interest" in the product as the XP deadline approaches, said Ken Drachnik, director of product marketing at Dell KACE. "A lot of people are waiting until the last minute to beat the deadline, and we're approaching that deadline now." 

Drachnik said that the KACE appliance will typically be used by businesses or schools to rapidly deploy the upgraded OS and dependent applications. But for those companies with distributed devices—such as a nationwide network of ATMs running Windows XP, for example—the appliance could be used as well, assuming that those ATMs are connected, he said. 

16.01 | 0 komentar | Read More

Microsoft says law enforcement documents likely stolen by hackers

Documents linked with law enforcement inquiries appear to have been stolen in recent phishing attacks on certain employee email accounts, Microsoft said.

The technology giant said earlier this month that a small number of Microsoft employee social media and email accounts had been impacted in a phishing attack. The accounts were reset and no customer information was compromised, Microsoft said.

On Friday, Adrienne Hall, general manager in Microsoft's Trustworthy Computing Group, said in a blog post that it appeared that documents associated with law enforcement inquiries were stolen. "If we find that customer information related to those requests has been compromised, we will take appropriate action," Hall said.

The company will, however, not comment on the validity of any stolen emails or documents in deference to "the privacy of our employees and customers—as well as the sensitivity of law enforcement inquiries," she added.

Microsoft said its investigation continues, and that the type of attack was not uncommon, as many companies face phishing attempts from cybercriminals.

The company has been recently targeted by the Syrian Electronic Army, a hacker group that supports the Syrian regime of Bashar al-Assad. SEA attacked this month the social media properties of Skype and other Microsoft social media and blogs, including the Microsoft Office Blogs site.

In a message on Twitter, SEA accused Microsoft of selling customer data to governments, which was probably a reference to disclosures last year by former U.S. National Security Agency contractor, Edward Snowden, that Internet companies were allegedly providing access to real-time customer data to the agency.

Microsoft receives requests for customer data from law enforcement agencies around the world relating to Microsoft online and cloud services. Some of these are covered under "gag orders," which do not allow the company to disclose to the public the existence of the specific requests.

In March last year it started publishing its Law Enforcement Requests Report, which listed the total number of requests it receives from law enforcement agencies in countries around the world and the number of potentially affected accounts identified in those requests. Microsoft, Google and some other Internet companies have asked the Foreign Intelligence Surveillance Court for permission to provide aggregate data on security information requests under the Foreign Intelligence Surveillance Act, which they are currently disallowed.

16.01 | 0 komentar | Read More

Google acquires artificial intelligence company DeepMind

Google has acquired DeepMind Technologies, an artificial intelligence company in London, reportedly for US$400 million.

A Google representative confirmed the deal Sunday via email, but said the company's isn't providing any additional information at this time.

News website Re/code said in a report on Sunday that Google was paying $400 million for the company, founded by games prodigy and neuroscientist Demis Hassabis, Shane Legg and Mustafa Suleyman.

The company claims on its website that it combines "the best techniques from machine learning and systems neuroscience to build powerful general-purpose learning algorithms." It said its first commercial applications are in simulations, e-commerce and games.

Google announced this month it was paying $3.2 billion in cash to acquire Nest, a maker of smart smoke alarms and thermostats, in what is seen as a bid to expand into the connected home market. It also acquired in January a security firm called Impermium, to boost its expertise in countering spam and abuse.

The Internet giant said on a research site that much of its work on language, speech, translation, and visual processing relies on machine learning and artificial intelligence. "In all of those tasks and many others, we gather large volumes of direct or indirect evidence of relationships of interest, and we apply learning algorithms to generalize from that evidence to new cases of interest," it said.

In May, Google launched a Quantum Artificial Intelligence Lab, hosted by NASA's Ames Research Center. The Universities Space Research Association was to invite researchers around the world to share time on the quantum computer from D-Wave Systems, to study how quantum computing can advance machine learning.

16.01 | 0 komentar | Read More

China's Baidu testing search engines for Brazil, Egypt, Thailand

Baidu is testing new search engines for users outside China that will target markets in Brazil, Egypt and Thailand to start with.

The search pages for the three markets have appeared online, although Baidu has not formally launched the services yet. "It's still in internal testing," said company spokesman Kaiser Kuo on Monday.

The three sites can be found at www.baidu.com.eg, www.baidu.co.th, www.baidu.net.br and are designed in the local language of each market. In addition to a search bar, the landing pages to the sites offer direct links to popular services such as Facebook, YouTube, as well as Hao123, Baidu's own local Web directory.

Besides Web search, the sites also contain different features such as image and video search, along with language translation.

Although Baidu is a household name in China, where it dominates the country's search market, the company is aiming to become an internationally recognized brand. In 2008, the company released its first search engine outside China, by targeting Japan.

But in expanding its footprint, the Chinese company has had to contend with Google, which globally had over 68 percent of all searches conducted on desktop PCs in December, according to analytics firm Net Applications. In contrast, Baidu had 18.8 percent share during the month.

In 2011, Baidu signaled it would target developing countries by working on Internet products for Thailand and Egypt. In the next year, the company announced it was building an office for its international operations in the Chinese city of Shenzhen.

Baidu is not only developing search engines for the three markets of Brazil, Egypt and Thailand, but also for other nations as well, Kuo added.

16.00 | 0 komentar | Read More

Report: Apple planning a move into mobile payments service

Apple is making internal and external moves to expand its ability to handle mobile payments, stepping more deeply into a market where rivals would include eBay's PayPal, Google, and niche specialists like Square and Stripe, according to The Wall Street Journal.

Apple CEO Tim Cook has dispatched iTunes and App Store chief Eddy Cue to meet with industry executives to gage their interest in having Apple handle mobile payments for physical goods and services, the Journal reported on Friday, quoting anonymous sources.

Internally, Apple created a new position for an executive to be in charge of a project to build a new payment system, and picked Jennifer Bailey for the job, according to the article, where she's described as "a longtime executive" in charge of Apple's online stores.

Apple is seeking to build upon the hundreds of million of credit cards stored on iTunes and App Store, and upon the vast user base of iPhones and iPads. The company already lets people to pay for some products in Apple retail stores by scanning the item and paying with a credit card on file on iTunes, the Journal reported.

Apple didn't immediately respond to a request for comment about the Journal's article.

16.01 | 0 komentar | Read More

Microsoft loses money on every Surface tablet it sells

Microsoft lost $39 million last quarter selling its Surface tablets, the company acknowledged in filings last week with the U.S. Securities and Exchange Commission (SEC).

While Microsoft reported increased Surface revenue for the October to December 2013 quarter of $893 million—more than double the $400 million in the quarter ending September 30, 2013—it pegged the cost of that revenue at $932 million.

The difference between what it brought in and what it laid out—cost of revenue would include not only the money necessary to assemble the tablets, but also distribution and marketing expenses—and thus the amount Microsoft went into the hole, was a brisk $39 million.

Microsoft launched its second-generation Surface devices, the low-end Surface 2, which runs the scaled-down Windows RT, and the pricier Surface Pro 2, a notebook replacement powered by Windows 8.1, in late September.

The company also kept the first-generation Surface RT in its line-up, although at a reduced price of $299, in an effort to unload the 2012 tablet that was so over-ordered that Microsoft was forced to write off $900 million last year.

In the third quarter of 2013, Microsoft did not spell out the revenue versus cost of revenue comparison in such stark terms, but revisiting the SEC filing from late October makes it clear the company also spent more than it made then.

Microsoft said Surface revenue of $400 million for the third quarter had been more than offset by a "$645 million higher Surface cost of revenue," and explained the disparity by pointing out that "Surface product costs increased with higher volumes sold [and] other costs grew as we read[ied] inventory lines for the Surface 2 launch and the holiday sales cycle."

Those higher costs have eaten into Microsoft's once-famous margins, a move analysts expected as the company shifted to a device strategy by selling its own hardware. "The more you are into hardware, the lower the margin," said IDC analyst Rajani Singh last year. "The bottom line will go down as their product mix changes."

Overall, Microsoft's new Devices and Consumer Hardware group posted dramatically lower margins—down 49 percent in the fourth quarter compared to the previous period—according to Microsoft's filing.

The most telling line in today's Form 10-Q, however, hints that Microsoft is, in fact, losing money on every Surface sold.

"Surface cost of revenue increased with higher volumes sold, including sales of Surface 2 and Surface Pro 2," the company stated.

16.01 | 0 komentar | Read More

Arts and crafts chain Michaels investigates possible data breach

Michaels, a large U.S.-based arts and craft store chain, said Saturday it is investigating a possible data breach after suspicious activity was detected on payment cards used at its stores.

The company opted to come forward without confirming a compromise because of the "widely reported criminal efforts to penetrate the data systems of U.S. retailers," according to a company statement.

CEO Chuck Rubin said "it is in the best interest of our customers to alert them to this potential issue" so they can scan payment card statements for unauthorized charges, according to the statement.

The Irving, Texas, company, which had more than 1105 stores in the U.S. and Canada as of May 2013, said it has contacted federal law enforcement and hired third-party data security consultants. It also owns Aaron Brothers, a 123-store chain in 11 U.S. states.

If Michaels confirms a breach, it would become the latest victim in a string of data attacks rattling merchants across the U.S. High-end retailer Neiman Marcus and department store Target announced data breaches earlier this month.

Both of those breaches occurred after attackers installed malicious software on their network that collected payment card details.

Target said as many as 40 million payment cards and up to 70 million other personal records were compromised between November 27 and December 15, 2013. CEO Gregg Steinhafel said malware was installed on point-of-sale terminals used to swipe cards.

Neiman Marcus said between July and October 2013, malware "scraped" payment card information from its system before the company learned of the fraud in December.

Security experts have seen point-of-sale malware for sale on underground forums since at least March 2013. The Target malware is believed to be a derivative of malware called "Kaptoxa," which is Russian for "potato."

That malware, also called "BlackPOS," steals unencrypted card data just after it is swiped and sits in the POS terminal's memory. This type of malware has also been termed a "RAM scraper."

Last week, a 23-year-old living in Russia said he contributed code the Kaptoxa malware. Rinat Shabayev, who lives in Saratov, Russia, told Lifenews.ru that the program could be used for illegal purposes but was intended as a defensive tool.

Computer security experts believe that Shabayev used an online nickname "ree4" and may have sold copies of the program for $2000 or for a share of the profits. He hasn't been charged, although experts think his customers may be behind the attacks.

There are many indications on underground forums that point-of-sale hacking campaigns are continuing, said Dan Clements, president of the cyberintelligence company IntelCrawler.

One hacker, believed to be based in the U.K., has posted a video on YouTube showing access to the system of an events company in the U.S. midwest. The company has not responded to a request for comment.

Another one of the hacker's videos shows how he performs the attacks using a Microsoft connection protocol, RDP, or Remote Desktop Protocol.

RDP was developed by Microsoft to let administrators access other remote computers. Since many POS terminals are Windows-based, Visa warned merchants in last August that RDP log-ons should be disabled.

Postings on the underground forums seen by IDG News Service show that cybercriminals buy and sell access to point-of-sale terminals and other systems that have RDP enabled.

Intruders often try the default login and password for terminals, and if that doesn't work, attempt brute-force attacks, which try many combinations of credentials. Vulnerable IP addresses can be probed from anywhere in the world for weaknesses.

The hacker who posted on YouTube showed he had access to sales orders of the events company between 2009 through 2012. Various video frames show customer names, addresses, email addresses, credit card numbers and expiration dates.

An analysis by IntelCrawler shows a thriving interest in RDP hacking. Its analysts gather data from password-protected forums used by cybercriminals, which gives insight into the latest trends.

On November 27, the day that Target believes hackers began collecting payment card details, a posting on a Russian-language forum showed a buyer offering $100 for access to a hacked RDP POS terminal.

The buyer was interested in Track 1 and Track 2 data, which is information coded on the back of a payment card's magnetic stripe. Track 1 data contains a card number, the holder's name expiration date, while Track 2 data contains the card number and expiration date.

16.00 | 0 komentar | Read More

DOJ files its first lawsuits over counterfeit apps

The U.S. Department of Justice has filed its first lawsuits over counterfeit smartphone apps, charging four men who now face up to five years each in prison.

"These crimes involve the large-scale violation of intellectual property rights in a relatively new and rapidly growing market," Mythili Raman, acting assistant attorney general for the DOJ's criminal division, said in a statement Friday.

"While this represents the first counterfeit apps case by the Department of Justice, it exemplifies our longstanding commitment to prosecute those who steal the creative works of others," she said.

The lawsuits, filed Thursday and Friday in the Northern District of Georgia, charge the four men with conspiracy to commit criminal copyright infringement. One lawsuit names Kody Jon Peterson, 22, of Clermont, Florida, while the other is against Thomas Allen Dye, 21, and Nicholas Anthony Narbone, 26, both of Orlando, Florida, and Thomas Pace, 38, of Oregon City, Oregon, the DOJ said.

In each case, the men are accused of conspiring to copy Android apps and distributing more than a million copies of them through online markets they set up called Snappzmarket and Appbucket. The markets were shut down last year—the first time domains involving mobile app marketplaces had been seized, the DOJ said.

The defendants acted without permission from the developers of the apps, which are otherwise sold through legitimate sites like Google Play, the DOJ said. It didn't say which apps were involved. A DOJ spokesman, citing court records, said the accused charged a subscription fee for the online markets.

Snappzmarket operated between May 2011 and August 2012, and Appbucket between August 2010 and August 2012, the DOJ said. Court records show that during a five-month period in 2010, Narbone allegedly received more than US$60,000 in subscriptions to Appbucket, the DOJ spokesman said.

Google's Android is the most widely used mobile operating system, and the lawsuits show how smartphone apps have become a target for counterfeiters.

"We are committed to protecting copyright owners, and we will continue to vigorously prosecute those who steal all forms of copyrighted work," U.S. Attorney Sally Quillian Yates of the Northern District of Georgia said in the statement.

Peterson was arraigned Thursday, and Dye, Narbone and Pace were arraigned Friday, the DOJ said.

16.00 | 0 komentar | Read More

Samsung's Apple damages equivalent to 16 days' profit

The $930 million in damages Samsung was ordered to pay Apple last year for infringing its smartphone patents is more than some device makers earn in a year, but for Samsung it's equal to just over 16 days' worth of profit.

The Seoul-based company reported its financial results Friday and said quarterly operating profit from its IT and mobile communications division, which sells primarily phones and tablets, came to $5.1 billion.

That works out to roughly $56.6 million per day, so the damages it was ordered to pay Apple in one of their California lawsuits amounts to just over two weeks of profit.

For Apple, it's not much different. The California company is due to report its earnings Monday, but based on its July-to-September quarter, the money it was awarded from Samsung is equivalent to eight days of company operating profit. (Unlike Samsung, Apple doesn't break out its profits from mobile.)

That might illustrate why the huge damages award hasn't stopped the two companies from continuing their court battle.

Apple is often credited with creating the modern smartphone market when it launched the iPhone in 2007. The handset is still the best-seller in many countries, but Samsung has become a more popular brand thanks to the multitude of phones it sells.

Apple cried foul in 2011, accusing Samsung of copying essential elements of its iPhone design, and filed its lawsuit. It was followed by a countersuit from Samsung and parallel lawsuits by both companies in the U.S. and elsewhere. Samsung appealed the California award.

The battle isn't over yet. The two companies will face off for a second lawsuit in California in late March, over patents on a different selection of phones.

Ahead of that case, an exasperated Judge Lucy Koh ordered the companies to sit down and see if they can work out their differences. They have until February 19 to convene a meeting between the CEOs of both companies and a mediator to attempt to avoid a further trial.

16.00 | 0 komentar | Read More

Yahoo buys virtual worlds gaming company Cloud Party

Yahoo has acquired Cloud Party, a gaming company specializing in virtual worlds, in another deal to give the search giant more engineering chops.

Cloud Party provided a multiplayer, three-dimensional gaming platform that could run directly in a Web browser without plug-ins. Players could build their own worlds and avatars and explore immersive environments, similar to the online system Second Life. The company launched in 2011.

Now those worlds, or at least the technology they were built on, will be incorporated into Yahoo. Cloud Party CEO Sam Thompson said in a blog post Friday that the company will be joining Yahoo and shutting down its service next month

A Yahoo spokeswoman confirmed the acquisition. Financial details were not disclosed.

Cloud Party may not provide Yahoo with any sweeping new worlds in which its users can play, at least not immediately. Yahoo's Games site already lets people play games online and download titles including arcade, board and puzzle games.

Cloud Party appears to be another "acqui-hire" for Yahoo, netting it a talented pool of gaming developers who could improve Yahoo's own gaming offerings or build new ones.

"We're excited to merge their unique perspective and experience with a team that is just as passionate about gaming," the Yahoo spokeswoman said.

Yahoo signaled its interest in gaming last year when it acquired PlayerScale, which provides infrastructure software.

Yahoo has been on an acquisition spree since Marissa Mayer became CEO in 2012. Some of those acquisitions have brought new users, as with Tumblr last May.

But others have been geared toward technology and engineering, as with LookFlow for improving Flickr.

16.00 | 0 komentar | Read More

Neiman Marcus says 'complex' malware defeated its security

Neiman Marcus was unaware attackers had harvested payment card details until six weeks after the activity had ended, when its merchant processor zeroed in on a fraudulent spending pattern.

The retailer gave its most complete account yet of its data breach in a letter Wednesday to U.S. Sen. Richard Blumenthal, a Democrat from Connecticut, who has pushed Neiman Marcus and Target for more details on how they've responded to the attacks.

Neiman Marcus characterized the malware involved as "complex" and described in part how it collected card details despite security measures that the retailer says exceeded industry recommendations.

As many as 1.1 million payment cards may have been exposed, and so far 2,400 cards have been fraudulently used, wrote Neiman Marcus CIO Michael R. Kingston in the letter, posted on Blumenthal's website.

Forensic investigators have determined that malicious software that "scrapes" payment card details was installed, he wrote.

The same kind of malware, which is installed on point-of-sale terminals, was used against the retailer Target, which has said up to 40 million card details may have been compromised. The malware grabs unencrypted card data while it is still in a cash register's memory.

Neither retailer has revealed how the attackers breached their systems. The malware was installed on Neiman Marcus' system as early as July 2013 and was active through Oct. 30, 2013, Kingston wrote.

The retailer's first hint of fraud came on Dec. 13 when its merchant processor said Visa identified an unknown number of fraudulent purchases with cards that had been used at a small number of stores. Over the next week, Visa and MasterCard sent more reports of cards that had been fraudulently used after their holders visited stores.

Neiman Marcus hired a forensics firm Dec. 20 to investigate and notified federal law enforcement on Dec. 23, Kingston wrote. A second computer investigation consultant, Stroz Friedberg, was hired Dec. 29.

On Jan. 1, the forensics firm said it appeared to find malware that related to payment card transactions. Over the next two days, Neiman Marcus began planning how to notify affected consumers and financial institutions.

It started notifying customers Jan. 10, the day the breach was revealed by security writer Brian Krebs.

In an updated post on the company's website, Neiman Marcus Group President and CEO Karen Katz said it is notifying all customers for whom it has contact information and who have shopped at its stores since January 2013. It will offer them a year of free credit monitoring and identity theft protection.

Nieman Marcus says Social Security numbers and birth dates were not taken, and that its stores don't require customers to enter a payment card PIN (personal identification number).

According to Kingston, Neiman Marcus' systems exceed the Payment Card Industry's Data Security Standard (PCI-DSS) requirements, a set of security best practices around handling card data.

PCI-DSS does not require encryption of network traffic within a retailer. Data from cards swiped at Neiman Marcus passes through a point-of-sale device's memory, "then is transmitted through an encrypted tunnel to a central point on our network," Kingston wrote.

"The data is then forwarded through a firewall to the merchant payment processor over a dedicated circuit," he wrote.

Kingston described the malware used as "complex and its output encrypted."

Its investigators analyzed the encryption algorithm and created a script that allowed them to decrypt the information it scrambled, which showed "payment card information had been captured," Kingston wrote.

Security experts believe a variant of "Kaptoxa," also called "BlackPOS," was used against Target. The malware was spotted by security companies as early as March 2013. It wasn't clear from Kingston's letter if Kaptoxa is the same malware used against Neiman Marcus.

16.00 | 0 komentar | Read More

Profits stall at Samsung's mobile division

Profits were flat in the fourth quarter in Samsung Electronics' smartphone and tablet business, despite an uptick in sales, in part because the company spent more on marketing over the holiday shopping period.

The company's IT and mobile communications (IM) division, which has smartphones and tablets as a key component, posted in the quarter the same operating profit of 5.47 trillion Korean won (US$5 billion) as in the fourth quarter of 2012, even as revenue from its mobile business grew 8.7 percent to over 32 trillion won.

The largest smartphone maker said earnings of its mobile business took a hit because of seasonally increased marketing expenditures and an unspecified one-off expense.

But the market for Samsung's smartphones may also be shrinking, as the company saw revenue from its mobile business drop 9 percent in the quarter from about 35 trillion won in the previous quarter.

The South Korean electronics giant on Friday reported overall operating profit of 8.31 trillion won for the October-December period, down by close to 6 percent from 8.84 trillion won in the last quarter of 2012.

Operating profit is a useful measure because it shows the performance of a company's core operations, excluding other factors like investments. The company's net profit for the quarter was 7.3 trillion won, up 4 percent from the same quarter in the previous year. Revenue was up by close to 6 percent to over 59 trillion won.

The manufacturer attributed its disappointing overall earnings performance to one-off expenses including a roughly 800 billion won employee bonus to mark the 20th anniversary of Samsung's new management strategy and the appreciating won, which eroded the value of Samsung's sales to the tune of 700 billion won.

"Excluding these two items, the fourth-quarter operational results, I believe, were respectably sound," Robert Yi, senior vice president of investor relations, said during a conference call on the earnings report.

The company surprised investors earlier this month when it warned that operating profit would fall for the first time in two years. Competition with Apple has intensified as carriers China Mobile and NTT DoCoMo in Japan started offering the iPhone, while macroeconomic factors such as increased concerns over possible U.S. tapering of quantitative easing also weighed on performance.

"Despite such challenging business conditions, we achieved record-high earnings in 2013 led by sustained growth in the IM business," Yi said. "Our 2013 revenue was up by 14 percent from the previous year, mainly led by growth in handsets and semiconductors."

Tablet shipments in 2013 doubled from the previous year as a result of new releases such as the Galaxy Tab 3 and the 2014 edition Galaxy Note 10.1. Samsung expects the tablet market to increase by more than 20 percent this year.

The outlook for phones is good as well. "In 2014, we expect the total smartphone market shipments to grow by 15 percent or higher," said Hyunjoon Kim, senior vice president for mobile communications, citing expanding IT services in China and continued demand in emerging markets.

TVs also helped Samsung's consumer electronics business, helped by a 7 percent year-on-year increase in sales to developed markets. In 2014, the company plans to "outperform the market" by increasing sales of high value-added premium TV products, such as UHD (Ultra High-Definition), curved, and large-size, over 60-inch TVs.

For the full year 2013, Samsung booked operating profit of close to 37 trillion won, up 27 percent from 2012.

16.00 | 0 komentar | Read More

CNN's Twitter and Facebook accounts hacked

A number of CNN's social media accounts and blogs were hacked Thursday by a group styling itself as the Syrian Electronic Army.

The cable news network said its main Facebook account, Twitter feeds and some blogs were targeted and content posted on some of them. The posts, including unauthorized tweets, were deleted in minutes and the accounts have since been secured, it said.

The SEA, a group that supports the Syrian regime of Bashar al-Assad, said in a Twitter message that it had decided to retaliate against CNN's "viciously lying reporting aimed at prolonging the suffering" in Syria.

SEA has targeted previously many high-profile websites and Twitter accounts.

This month it attacked the social media properties of Skype, Microsoft's Internet phone unit, and several other Microsoft social media pages and blogs, including the Microsoft Office Blogs site. The SEA charged the company with selling customer data to governments, presumably a reference to disclosures last year by former U.S. National Security Agency contractor, Edward Snowden, that Internet companies were allegedly providing access to real-time customer data to the agency.

In August, an attack purportedly by SEA on Melbourne IT, an Australian domain registrar, affected the websites of The New York Times, Twitter and other top companies.

The attack on CNN is in line with earlier attacks by the SEA, which were primarily focused on issues related to the civil war in Syria.

16.00 | 0 komentar | Read More

Facebook testing its ads in third-party mobile apps

Facebook is testing its advertisements on outside mobile applications, calling it a new way for app developers to monetize their creations.

The trial would pave the way for Facebook to open its own mobile advertising network, which would further boost its growing mobile ad revenue.

"We are running a small test to explore showing Facebook ads in third-party mobile apps," Sriram Krishnan, who works on mobile products for Facebook, wrote on the company's developers blog.

"In this test, we'll be extending Facebook's rich targeting to improve the relevancy of the ads people see, provide even greater reach for Facebook advertisers, and help developers better monetize their apps."

Instead of using an outside ad-serving platform, the social media giant is collaborating directly with a handful of advertisers and publishers, Krishnan added, but didn't name the partners.

The trial is aimed at helping developers monetize apps more quickly amid the popularity of free apps, which don't always return a developer's investment. It could also help make ads on mobile devices more relevant.

The move is a challenge to Google's AdSense, a long-established platform that serves up automatic text, image, or video ads to targeted websites. AdSense has delivered nearly 30 percent of Google's revenue in recent years.

Facebook has long been planning and experimenting with mobile ads apart from those on its own Facebook mobile platform, but it said the current trial is different from previous forays because of the direct partnerships with advertisers and publishers. The current test is more like a mobile ad network, Krishnan said.

In the third quarter of 2013, Facebook's mobile ads made up 49 percent of its US$1.8 billion advertising revenue, up 66 percent from the same quarter in the previous year.

16.01 | 0 komentar | Read More

Google dismisses eavesdropping threat in Chrome feature

Google said there's no threat from a speech recognition feature in its Chrome browser that a developer said could be used to listen in on users.

Web developer Tal Ater wrote he found the multiple bugs in Chrome while working on a JavaScript speech recognition software library he maintains, called "annyang."

He created an exploit that could allow a website to continue accessing a computer's microphone after a person thinks they've left a website. Some websites are enabled to use speech recognition, where the website has access to voice commands from a computer's microphone.

"It may seem I have shot myself in the foot by exposing this," Ater wrote. "But I have no doubt that by exposing this, we can ensure that these issues will be resolved soon."

Google acknowledged the problem and had a patch ready by Sept. 24, Ater wrote. The company nominated him for a reward for finding the vulnerabilities, he wrote. Google later decided the issue he found didn't qualify for a bug bounty reward.

But Google never pushed out an update to Chrome. In a statement, Google said it designed the speech recognition feature with security in mind and the feature is in compliance with W3C (World Wide Web Consortium) coding standards.

"We've reinvestigated and still believe there is no immediate threat, since a user must first enable speech recognition for each site that requests it," it said.

Websites enabling the feature ask users for permission to use their microphone first, and Chrome indicates the microphone is active with a red dot in the browser tab.

But Ater found that Chrome remembers if a person granted permission to a site that uses HTTPS, a security feature that encrypts communication between a client and a server. It will allow sites using HTTPS to start listening in the future without asking for permission again.

Ater described a scenario where a website could be configured in a more malicious way to launch a "popunder" window, which is another browser window behind the main one.

If someone navigates off the main page, they may be unaware the popunder window is still active, recording their voice. The popunder window could also be disguised as an advertisement, concealing its true purpose.

"This can be done in a window that you never saw, never interacted with and probably didn't even know was there," Ater wrote.

The spying window could also be programmed to stay dormant until someone says certain, interesting keywords, according to a demonstration video on Ater's site.

The attack doesn't work if permission isn't granted to enable speech recognition.

16.00 | 0 komentar | Read More

U.S. Supreme Court: Burden of proof of infringement on patent holder

The U.S. Supreme Court has upheld that it is up to the patent holder ordinarily to prove infringement in a lawsuit, a ruling that could have vast implications on the litigious technology industry.

The lawsuit traces its origin to a patent dispute between medical devices maker Medtronic and patent holder Mirowski Family Ventures. Medtronic, which was a licensee of Mirowski since 1991 through its sub-licensee, asked the U.S. District Court for the District of Delaware in 2007 for a declaratory judgment that its new products did not infringe Mirowski's patents and that the patents were invalid.

A patentee ordinarily bears the burden of proving infringement, Justice Stephen G. Breyer wrote, while delivering the opinion of the Supreme Court. "This case asks us to decide whether the burden of proof shifts when the patentee is a defendant in a declaratory judgment action, and the plaintiff (the potential infringer) seeks a judgment that he does not infringe the patent."

Mirowski had given Medtronic notice that it believed seven new Medtronic products violated various claims contained in two of its patents. The patents were related to devices that cause the heart's ventricles to contract simultaneously as the heart beats. As provided by an earlier agreement with Mirowski, Medtronic paid all the relevant royalties into an escrow account when filing the lawsuit.

The court in Delaware ruled that it was up to Mirowski to prove infringement, and after a bench trial found that Mirowski had not proved infringement. The decision was over-ruled by the U.S. Court of Appeals for the Federal Circuit, which said it was up to Medtronic to prove its case, as it bore the "burden of persuasion."

The Supreme Court on Wednesday upheld the decision of the district court, stating that it holds that "when a licensee seeks a declaratory judgment against a patentee to establish that there is no infringement, the burden of proving infringement remains with the patentee."

16.00 | 0 komentar | Read More

Google Glass user questioned in Ohio theater for suspected piracy

Google Glass has raised privacy concerns in many countries. It now appears that it is being monitored as a potential aid to copyright infringement.

A man who wore Google Glass to a movie theater in Ohio was detained and interrogated by officials of the Department of Homeland Security, highlighting concerns that the device may be used by people to illegally record movies at a theater.

A spokesman for the Motion Picture Association of America, which works closely with theaters all over the U.S. to curb camcording and "theater-originated piracy," said Tuesday that no such activity was discovered in the particular case.

The DHS could not be immediately reached for comment.

In an account to the Gadgeteer, the unnamed person said he went to AMC theater in Easton Mall in Columbus, Ohio, on Saturday to watch a movie with his wife. "Because I don't want Glass to distract me during the movie, I turn them off (but since my prescription lenses are on the frame, I still wear them)," he told the gadget review website.

DHS officials questioned the person and let him go after they determined he was not using the device to record the film, a source close to the situation said.

AMC Theatres confirmed in a message on Twitter that "it is true that a guest with a potential recording device inside the auditorium was questioned at our AMC Easton 30." The theater had contacted MPAA investigators and later referred the issue to the DHS, according to the source.

Google was not immediately available for comment.

"Google Glass is an incredible innovation in the mobile sphere, and we have seen no proof that it is currently a significant threat that could result in content theft," the MPAA spokesman said via email.

Users of Google Glass have had brushes with the law on other occasions. A court in Southern California dismissed earlier this month a traffic citation issued for wearing Google Glass while driving. The driver was stopped and issued a ticket for speeding. She got the second ticket after the California Highway Patrol officer noticed that she was wearing Google Glass.

The court commissioner dismissed the charge, saying he found no evidence that the device was in operation at the time, according to reports. The woman, Cecilia Abadie, had been cited for breaking a California state law that bars motorists from having video screens for entertainment or business applications in their line of sight while driving.

The Canadian privacy commissioner and other data protection authorities, including those in Australia, New Zealand and Israel, raised privacy concerns in June about Google's Glass in a joint letter to the company's CEO Larry Page. The authorities asked, among other questions, what were the privacy safeguards Google and application developers are putting in place, and how the device complies with data protection laws.

16.01 | 0 komentar | Read More

As Target breach unfolds, information vanishes from Web

At least three security companies have scrubbed information related to Target from the Web, highlighting the ongoing sensitivity around one of the largest-ever data breaches.

How hackers broke into Target and installed malware on point-of-sale terminals that harvested up to 40 million payment card details is extremely sensitive. Now, details that give insight into the attack are being hastily removed or redacted, perhaps not to tip off hackers or jeopardize the investigation.

On Dec. 18, a malicious software sample was submitted to ThreatExpert.com, a Symantec-owned service. But the public report the service generated vanished.

The report was a technical description of how the Target malware functioned, including network drive maps, an IP address and a login and password for an internal company server.

Last week, iSight Partners, a Dallas-based cybersecurity company that is working with the U.S. Secret Service, published a series of questions and answers on its website related to the attacks on point-of-sale devices at U.S retailers. That too vanished on Thursday.

In another example, Intel-owned McAfee redacted on Tuesday a blog post from last week that contained technical detail similar to the ThreatExpert.com report.

ThreatExpert.com is an automated service that analyzes submitted files to figure out how they behave. It has an archive of reports as a resource for the security community, which can be searched.

Brian Krebs, a security writer, noted ThreatExpert.com's report on the Target malware was removed and that it also disappeared from Google's cache shortly after he published a post on Jan. 15. He preserved a PDF of it, however, when it was still available in Google's cache.

When queried, a Symantec spokeswoman said "we took the initiative to remove it because we didn't want the information to compromise the ongoing investigation."

Alex Holden, founder of Hold Security, said it was the right move for Symantec to pull the report, as attackers might have been able to use the information to compromise other point-of-sale devices at other retailers.

"I was surprised that this information was posted on the Internet in the first place," Holden said. "Besides having a Target machine's name and its IP address, system structure and drive mapping, it discloses a very vital set of credentials setup specifically for exploitation of the device."

Many other malware reports on ThreatExpert.com can be found through Google's search engine that display login credentials.

Although the ThreatExpert.com report remains offline, McAfee published similar information last week.

McAfee's revision removes the IP address, substituting instead the phrase "EPOS_IPaddr," or electronic point-of-sale IP address. Other specific data was replaced with <username> and <password>.

The information published on iSight Partners' website did not contain the level of technical detail matching either ThreatExpert.com or McAfee. It wasn't clear what might have triggered its disappearance, but it did describe the malware as using a "a new kind of attack method" that made it harder to forensically detect.

An iSight spokeswoman didn't directly address why the information was withdrawn. "As this evolves, we are working on the best way to get the most important information out to people," she wrote via email on Sunday.

As many as six other U.S. companies are believed to be victims of point-of-sale related attacks, where malware intercepts unencrypted card details. So far, Target and high-end retailer Neiman Marcus have acknowledged the attacks.

16.01 | 0 komentar | Read More

California court rules Samsung infringed Apple patent ahead of trial

A court in California has ruled that Samsung Electronics infringed in its devices an Apple patent on word recommendations during text input, ahead of a March trial.

Judge Lucy H. Koh of the U.S. District Court for the Northern District of California, San Jose division also ruled that a Samsung patent in the suit was invalid.

At the center of the second patent lawsuit before the court are some of Apple and Samsung's latest smartphones, media players, tablets and computers, including the Galaxy S III, iPhone 5, iPad mini and the fourth-generation iPad, also referred to as the iPad 4. The court earlier ordered the parties to limit their infringement contentions to five patents, 10 asserted claims, and 15 accused products per side.

Judge Koh ruled Tuesday that Samsung infringed Apple's patent that discloses a "method, system, and interface" for providing word recommendations that can be selected by users who are entering text into a mobile communication device. U.S. Patent No. 8,074,172, titled "Method, system, and graphical user interface for providing word recommendations," was issued to Apple on Dec. 6, 2011.

Samsung had held that claim 18 of the patent required a physical keyboard, which the accused Apple products lack. But the judge wrote in her order that "the court holds that no reasonable jury could conclude that the virtual keyboards of the '172 Accused Products fall outside of the plain and ordinary meaning of the term 'keyboard' in claim 18."

The Samsung patent, entitled "Multimedia synchronization method and device," covers synchronizing a number of devices in a multimedia environment so that users can access their music and video collection at different locations. Apple asserted that it was entitled to summary judgment that claims 1, 14 and 15 of the U.S. Patent No. 7,577,757 are anticipated by another patent, which the judge agreed to in her ruling.

The Tuesday ruling was not a complete win for Apple. In the same ruling, Judge Koh also denied Apple's motions for summary judgment of infringement of two of its patents and on the validity of one of its patents.

The CEOs of Apple and Samsung are scheduled to participate in mediation ahead of a March trial in the patent dispute. The meeting to be held by Feb. 19 is viewed with skepticism as similar mediation efforts have not been successful previously.(

In another lawsuit in the court, a jury awarded damages to Apple of US$1.05 billion in 2012, after deciding that Samsung had infringed on Apple's patents in its products. The damages were reduced after a second trial last year for recalculating a part of the damages, but Samsung still has to pay Apple about $930 million.

16.01 | 0 komentar | Read More

Two coders closely tied to Target-related malware, security firm says

A Los Angeles security company has named a second individual living in Eastern Europe whom they suspect coded malicious software that was modified and used against Target.

The information comes from an analysis of "cyberprints," or a collection of data and postings on underground password-protected forums where stolen card data and malware are sold, said Dan Clements, IntelCrawler's president, in a phone interview Monday.

IntelCrawler named a 17-year-old Russian teenager on Friday it suspects created the Kaptoxa malware, also known as BlackPOS, which intercepts unencrypted payment card details just after a card is swiped at a point-of-sale terminal.

On Monday, it revised the post and named a second individual. Clements said the revised post reflects new information that indicates the two individuals used the same nickname, "ree4," in forum postings dating back to March 2013.

"We haven't back off our position that 'ree4'...is a coder behind BlackPOS," he said. "The position of being 100 percent certain of who commits a crime behind a keyboard cannot be established unless there is a time-stamped camera behind that keyboard."

The 17-year-old is alleged to have first marketed BlackPOS and possessed its source code, while the newly named individual may have provided technical support. BlackPOS was sold for US$2,000 or for a share of the profits made from stolen payment card details, according to IntelCrawler.

IDG News Service is not naming the individuals since it appears they have not been charged with a crime.

IntelCrawler believes that the two sold BlackPOS to other cybercriminals, who then employed it against Target and other retailers. Forum postings indicate as many as nine people may be intimately involved in a string of data breaches against U.S. retailers using POS malware.

At least six more retailers have been compromised, IntelCrawler has said, based on its monitoring of underground forums. None of those companies have come forward or been identified.

Target said between Nov. 27 and Dec. 15, cyberattackers installed malware on its point-of-sale terminals, compromising 40 million payment card details. It later said personal records for 70 million customers were also at risk, but did not say how that information was stolen.

Neiman Marcus, another U.S. retailer, is also investigating a data breach involving its customers' payment card details. The company said last week it's unknown if their breach is related to Target's.

ISight Partners, a Dallas-based cybercrime intelligence company working with the U.S. Secret Service, wrote in a Jan. 14 analysis that the Target malware is a variant of BlackPOS, based on an analysis of its code.

The Target malware stole 11GB of payment card data, according to another analysis by security firm Seculert. It stayed quiet for six days, then moved the data onto another computer in Target's network.

The data was then sent to another server that had been hacked located in the U.S. before it was transmitted again to a virtual private server (VPS) in Russia, likely another proxy, said Aviv Raff, Seculert's CTO, in an interview last week.

16.00 | 0 komentar | Read More