JPMorgan Chase breach affected 83 million customers

Names, addresses, phone numbers and email addresses were compromised in a cyberattack on JPMorgan Chase but no "unusual" fraud has yet been detected.

All told, 76 million households and 7 million small businesses were affected, the bank wrote in a 8-K filing Thursday to the U.S. Securities and Exchange Commission.

In addition to customer information, the attack also "compromised internal Chase data used in connection with providing or offering services, such as the Chase line of business the user is affiliated with," according to an FAQ for customers on its website.

Bank account numbers, passwords, user IDs, birth dates as well as credit, debit and Social Security numbers are not believed to have been compromised, it wrote.

"Since we have seen no evidence of unusual fraud activity, we don't think customers need to go through the inconvenience of having their cards reissued," the notice said.

The bank didn't provide many other details about the attack, but said its customers who used its online or mobile services on Chase.com, JPMorganOnline, Chase Mobile or JPMorgan Mobile were affected.

A JPMorgan Chase spokeswoman said via email Thursday that the bank experienced only one attack, which lasted from June through August.

The regulatory filing contained the most information JPMorgan Chase has released to date on the scope of the attacks, which surfaced in media reports in late August.

At that time, JPMorgan Chase declined to confirm the attacks, saying that companies of its size experience cyberattacks nearly every day.

The U.S. Federal Bureau of Investigation said around the same time that it was working with the Secret Service to determine the scope of the attacks, which were rumored to affect other U.S. financial institutions.

Because no financial data was compromised, JPMorgan Chase said it is not "necessary" for customers to subscribe to a credit or identity theft monitoring service. Many companies that have experienced a data breach offer those services for free, usually for a year.

It warned that phishing attacks—which seek to trick users into visiting malicious websites or clicking risky links—are the biggest risk after contact information has been compromised.

"Don't click on links or download attachments in emails from unknown senders or other suspicious email," the bank advised. "We will never ask you to enter your personal information in an email or text message."

The bank said its probe is continuing and it is working with government agencies that are also investigating.

"Attacks like these are frustrating," it said in another statement on its website. "There are always lessons to be learned, and we will learn from this one and use that knowledge to make our defenses even stronger."

16.01 | 0 komentar | Read More

IBM pumping more horsepower into Watson successors

IBM is pumping more horsepower into servers based on its Power architecture, which is best known for arming the Watson supercomputer to outperform humans in game show "Jeopardy."

The company on Friday teased chip- and server-level upgrades for new Power servers that will start shipping in 2016. The servers will be faster than Watson and existing systems running on IBM's current Power8 chips.

Power chips are now central to IBM's server business after the sale of its x86 server business to Lenovo for US$2.1 billion. IBM hopes to speed up application performance with support for a faster bus and "advanced" memory, said Brad McCredie, vice president and fellow at IBM.

IBM is adopting Nvidia's NVLink interconnect technology, which will enable faster data transfers inside servers. There's an appetite for more bandwidth as computers get faster, and NVLink could resolve latency issues.

NVLink can provide five times more throughput than the PCI-Express pipes used in servers today, Nvidia has said. Programs will run faster with swifter data movement between processors, memory, storage and other components.

NVLink will eventually lead to a new Power chip that McCredie in jest termed "Power Next." Nvidia also has plans to use the NVLink interconnect in its graphics processors, which could then be plugged into IBM's upcoming servers. GPUs are considered faster for mathematical calculations and scientific analysis.

IBM will also work with top memory makers to bring new forms of memory into Power servers, McCredie said.

The company is working with partners to bring new technologies to Power chips and servers via the OpenPower Foundation, which has Samsung, Google, Tyan and Nvidia as members. The consortium came into existence in 2013 after IBM started licensing its Power architecture so third-party companies can develop chips, servers and components.

Google has already shown a prototype server based on Power chips, and server makers like Tyan are expected to come out with the first non-IBM Power servers. By pushing Power into more off-the-shelf servers, IBM wants to break the dominance of Intel's x86 server chips. IBM is particularly targeting the China market, where server shipments are booming.

OpenPower is still a fledgling effort and the Power architecture will also have to contend with ARM, whose low-power processors designs are finally appearing in servers. But many data centers have already standardized around x86, so a change in architecture would require big software and infrastructure investments. IBM is trying to build a cohesive ecosystem that balances software and hardware development.

IBM has so far held control over the development of chips based on Power, but through OpenPower is also encouraging third parties to make derivative chips based on the architecture. Such chips are still far off, and could start appearing in 2016 or later, McCredie said.

In the meanwhile, IBM continues to develop servers based on Power8. The company introduced the two-socket Power S824L server, which is targeted at analytics, Web hosting and workloads. Nvidia's GPUs can be attached to the server. The server will ship this month.

IBM also introduced new Power Enterprise Systems, which are eight-socket servers running the fastest Power8 chips. The servers are capable of running Linux and IBM's Unix-based operating systems. IBM characterized the servers as being targeted at "mission critical" environments, in which high system uptime is considered paramount.

The company didn't provide the pricing for the new servers.

16.00 | 0 komentar | Read More

Panasonic unveils pin-sized battery for wearables

Power-sipping wearable devices could become smaller with a new rechargeable battery from Panasonic.

The electronics maker on Friday announced a "pin-shaped" lithium-ion battery that's 20 millimeters long with a diameter of 3.5 mm, about one-twentieth the size of AAA batteries. Panasonic said it's the smallest in the industry in terms of capacity by volume.

The CG-320 battery has a nominal capacity of 13 mAh and voltage of 3.75 V, which allows for Bluetooth and NFC (near-field communication) links with smartphones.

Its compact form factor and low weight make it ideal for wearable devices such as smart glasses, fitness bands and hearing aids as well as electronic pens, according to Panasonic.

While compact batteries could shrink the overall size of wearables, usability and interfaces help determine how big they are.

"The size, which is the smallest of its kind in the industry, can allow more flexible product design, and high strength and stability of form delivers high reliability," a spokeswoman for Panasonic wrote in an email.

The battery could also help reduce the size and weight of wearables, she said, adding that the Internet of Things (IoT) is another possible application.

The CG-320's capacity is lower than that of a wearable battery such as the Jawbone UP24 activity monitor's 32 mAh lithium-ion polymer battery, but the latter is larger.

Panasonic is developing two more pin-shaped batteries with capacities of 30 mAh and 50 mAh. They're slightly larger and heavier than the CG-320.

Battery size and power are a key aspect of wearable devices that has been putting a damper on wider-scale development and popularization. The Apple Watch, for instance, will likely require a daily recharge. That can be seen as a big hassle for a device that's relatively small.

A number of attempts to innovate on materials and control systems for wearable batteries are being pursued.

The U.S. Department of Energy's Oak Ridge National Laboratory has tested a prototype battery based on the lithium carbon fluoride (CFx) chemical formula that could go for 10 years or more without a recharge.

Jawbone, meanwhile, doubled the battery charge of the UP24 to two weeks through a firmware update with enhanced algorithms.

Panasonic's battery is similar to conventional cylindrical lithium-ion batteries. It has negative and positive electrode sheets wrapped around each other inside a small stainless steel tube.

The company plans to mass-produce the battery, with monthly production of 100,000 units and shipping to begin in February. Before that, it will show off the CG-320 at the Ceatec tech expo outside Tokyo next week.

16.00 | 0 komentar | Read More

Report: LulzSec leader directed cyberattacks while working for FBI

The leader of the now-disbanded LulzSec hacking group directed members to attack targets in dozens of countries, including the U.K., Turkey, Brazil and Australia, even as he was serving as an FBI informant, according to a news report.

LulzSec leader Hector Xavier Monsegur, known as Sabu, directed hacktivist Jeremy Hammond to attack multiple targets, according to the report in The Daily Dot. Hammond was sentenced in November 2013 to 10 years in prison for attacks on geopolitical intelligence firm Strategic Forecasting.

Monsegur, meanwhile, was released in May after serving about seven months in prison. He had previously pleaded guilty to a 12-count indictment outlining various fraud and hacking charges. Prosecutors, in arguing for a short sentence, cited his "extraordinary" cooperation with investigators.

Monsegur directed cyberattacks against targets in 30 countries in early 2012, said The Daily Dot, citing a previously unreleased sentencing memo for Hammond.

In January 2012, Hammond penetrated two servers targeted by Monsegur, including one containing 3,520 domains, many of them in the Netherlands and Belgium, and another containing 392 Brazilian domains, according to the story.

Other targets of LulzSec, an offshoot of Anonymous, were in the Philippines, Sudan, India, Saudi Arabia and Argentina, according to the story.

Monsegur's lawyer and an FBI representative weren't immediately available for comment.

16.01 | 0 komentar | Read More

Google shakes up cloud services market with another price cut

Google has fired back at Microsoft with cheaper cloud services, signaling another round of price cutting in an increasingly competitive market.

Citing enhanced efficiency in its data centers as well as falling hardware costs, Google on Wednesday said it was cutting prices of its Google Compute Engine by about 10 percent for all instance types in every region.

Rival Microsoft announced last week cuts in the prices of some of its Azure services, available when purchased directly through its website.

In March, Google had announced cuts in cloud services prices, ranging from 32 percent for its Compute Engine, which runs large-scale workloads on virtual machines hosted on Google's infrastructure, to 85 percent for Google BigQuery, designed for analyzing big data in the cloud.

Competitor Amazon Web Services announced cuts in the prices of its services a day after Google, followed by cuts from Microsoft.

Google said at the time that cloud services pricing hadn't followed a drop in hardware prices. Over the past five years, hardware costs were down by 20 to 30 percent annually but public cloud prices fell at just 8 percent per year, it added.

Microsoft said last Thursday, it was cutting by 27 or more percent the prices of some of its mobile and networking services. The cuts covered a number of services including the BizTalk integration service, cache, data transfer, mobile services, multi-factor authentication and SQL Server for virtual machines.

The current price cut by Google is expected to be followed by one by AWS. Microsoft has also previously said it will match Amazon's prices in commodity services.

16.01 | 0 komentar | Read More

How hackers accidentally sold a pre-release XBox One to the FBI

Earlier this week, an indictment was unsealed outlining a long list of charges against a group of men accused of running a three-year hacking spree that stole intellectual property from gaming companies.

Dylan Wheeler, 19, of Perth said in an interview Thursday he was a member of the group, and is one of two unnamed co-conspirators in the indictment. His name is redacted, but includes his online nicknames, including "SuperDae," which is his Twitter handle.

The 65-page indictment is an eye-opening document, which describes how the loose-knit group pilfered the source code for Microsoft's XBox One, Apache helicopter simulation software designed for the U.S. Army and intellectual property from game makers such as Epic Games, Valve Corp. and Activision.

It doesn't appear that U.S. authorities plan to extradite Wheeler, who attends Curtin University, leaving Australian authorities to prosecute him. He was charged in May 2013 by Australian authorities and is scheduled for a hearing in Perth Children's Court on Jan. 27.

Wheeler said he plans to plead innocent, even though in previous interviews with IDG News Service he claimed he breached developer networks affiliated with Microsoft and Sony.

Wheeler provided more information about one of the many capers the group is accused of: the sale of a homemade mockup of Microsoft's XBox One long before the device ever went on sale.

According to the indictment, the four men and Wheeler are accused of breaching Microsoft's Game Developer Network Portal, which is designed for developers to access pre-release tools and software, and PartnerNet, a software platform for game development.

They stole login credentials for those systems, and spent hundreds of hours trolling the networks for confidential intellectual property for the XBox One, which was then referred to by its code-name "Durango."

Wheeler said he worked with the other four defendants remotely, communicating over Skype and instant messenger.

At one point, Wheeler said the group had amassed enough documentation and code to actually build a mockup of an Xbox One together using off-the-shelf hardware components.

Wheeler said Nathan Leroux, 20, of Bowie, Maryland, who is named in the indictment, assembled the device with components bought from NewEgg.com.

During online conversations, someone from a group called Team Xecutor, an online community of XBox enthusiasts, expressed an interest in buying it, Wheeler said.

While he was traveling in Prague, "I actually woke up, and lo and behold there is five grand sitting in my bank account," Wheeler said. "It came through, and we went 'OK!' and we sent it."

Around August 9, 2012, someone identified in the indictment as "Person A" went to Leroux's residence in Maryland and picked up the device.

Person A was instructed to send the device to an address in the Seychelles. But Wheeler said he heard through the group that the package never arrived.

"That was like a red flag to us," he said.

According to the indictment, Person A—whose real name Wheeler said he knows—gave the package to the FBI.

"The FBI actually bought the Durango," Wheeler said.

Wheeler said that and other details that have since emerged indicate that the agency may have been monitoring the group's activities, possibly by tapping Skype.

The other three men charged in the indictment are Sanadodeh Nesheiwat, 28, of Washington, New Jersey; David Pokora, 22, of Mississauga, Ontario, Canada; and Austin Alcala, 18, of McCordsville, Indiana.

Pokora and Nesheiwat pleaded guilty on Tuesday to conspiracy to commit computer fraud and copyright infringement and are scheduled for sentencing on Jan. 13, according to a news release from the U.S. Department of Justice.

16.00 | 0 komentar | Read More

Malware program targets Hong Kong protesters using Apple devices

A malware program that targets Hong Kong activists using Apple devices has trademarks of being developed by a nation-state, possibly China, according to a security company.

Lacoon Mobile Security of San Francisco wrote on its blog on Tuesday that the malware, called Xsser mRAT, is the "first and most advanced, fully operational Chinese iOS trojan found to date."

The Apple malware is related to a malicious Android one found last month that advertised itself as a way for activists to coordinate protests, Lacoon wrote.

Hong Kong has seen massive demonstrations after China moved to only allow candidates it approves to run in the election of the territory's chief executive in 2017. Activists charge China reneged on a promise of an election without restrictions.

It's not usual to see malware emerge that has been customized to capitalize on current events, and security experts have long documented programs suspected to have been created to monitor dissidents and activists.

Xsser mRAT can steal SMS messages, call logs, location data, photos, address books, data from the Chinese messaging application Tencent and passwords from the iOS keychain, Lacoon wrote.

"Although it shows initial signs of being a targeted attack on Chinese protesters, the full extent of how Xsser mRAT is being used is anyone's guess," the company wrote. "It can cross borders easily, and is possibly being operated by a Chinese-speaking entity to spy on individuals, foreign companies or even entire governments."

However, there is a saving grace: only iOS devices that have been jailbroken, or modified to run unauthorized apps, would be able to run the malware, according to Lacoon. Apple tightly vets the applications on its App Store and advises that people do not jailbreak their devices.

Lacoon wrote that the Android version was making the rounds through links distributed on the messaging application WhatsApp. The messages came from an unknown phone number, reading: "Check out this Android app designed by Code4HK, group of activist coders, for the coordination of Occupy Central!"

Code4HK told the South China Morning Post newspaper that it had nothing to do with the application, according to a Sept. 17 story.

Lacoon found the same server used to control the Android malware also hosted the iOS malware. Such targeting of both Android and iOS devices is rare, the company wrote, which may "indicate that this may be conducted by a very large organization or nation state."

16.01 | 0 komentar | Read More

Path takes laziness to a new level with business messaging

Apps are making it a little too easy to avoid fellow humans. You don't have to hail a cab, order food delivery over the phone, or even walk down to the laundromat, all thanks to apps. But sometimes you have queries that need to be answered by actual people. Don't worry: Path will handle that for you.

You can "message" businesses on Path Talk, which really means that Path reps call businesses for you.

The social network, once considered a Facebook rival, in June spun off its chat feature into a stand-alone app called Talk—like Facebook did with Messenger. Path also bought messaging app TalkTo, which lets you text a business with questions. Now Talk and TalkTo have been combined so you can message a place directly from Talk.

It's an intriguing premise: Text a place with a question and wait for its response. But the way Talk really works is decidedly low-tech. You don't message a place, you actually message a Path agent who then calls the business to ask your question. Once the agent has an answer for you, you'll get a Talk message. This isn't innovation. It's a weird game of Telephone. Are you really such a misanthrope that you can't pick up the phone and make your own hair appointment or dinner reservation? The agents don't have any sort of special access to the businesses you need to reach, and as The Verge noted, they don't get answers any faster than you could on your own.

Place messaging builds on existing Talk features like ambient status updates, which let your friends know where you are or if your battery is low, and Snapchat-like disappearing messages. Path vice president Cynthia Samanian told The Verge that the company envisions Talk as the "hub for all your important messages and communications." But while an app that communicates with businesses on your behalf and broadcast your location to friends is certainly unique, the world has reached peak messaging.

16.01 | 0 komentar | Read More

Intel pushes factory IoT with $9 million cost savings at plant

The Internet of Things is billed as an almost magical realm of possibilities where everything from thermostats to cars will be online.

Industrial applications are a key proving ground. Combined with big data analytics, plants full of smart things could generate billions of U.S. dollars in cost savings.

But manufacturers will have to see convincing evidence that IoT will benefit them before they sign on to the concept, according to Intel, which makes chips for IoT gateways.

"We'll have to provide proof points for a period of time to demonstrate the value and effectiveness of the capabilities," Intel Asia-Pacific sales director Philip Cronin said in an interview Tuesday in Tokyo.

Cronin was referring to a collaborative pilot project using IoT technology in which Intel generated US$9 million in cost savings at its plant in Penang, Malaysia.

CPU tester modules in a semiconductor manufacturing line at the plant were retrofitted with sensors. They then sent data to Mitsubishi Electric C Controller gateway devices powered by Intel Atom chips. After some filtering, the data were then processed using software from Revolution Analytics.

Putting the data results into practice resulted in a reduction in component failures, increased equipment uptime and productivity, according to Intel. Mitsubishi Electric said the approach can also reduce energy costs at manufacturing facilities.

"This is a whole new environment for a lot of people," Cronin said. "There's no better place to talk about it than the fact that we did it for ourselves."

Industrial IoT applications could begin in areas such as heating, ventilation and air conditioning (HVAC) services. Equipping commercial air conditioners with low-cost sensors and communications capability, for instance, would produce an enormous volume of data that could predict when units will need service.

"We think predictive maintenance will be one of the bigger plays because it lends itself to IoT easily," Cronin said. "If I have a thousand machines at a motor car plant and I can figure out which ones are running too far, too high, too soon then I start to get into predictive maintenance and the resultant savings."

Intel is promoting its Quark processors, which are small, low-power chips, for next-generation IoT gateway devices as well as sensors and wearable devices.

The chips could also be used in applications such as car headlights that can adjust to weather conditions for improved visibility.

While the chips can run standard x86 code, the spread of IoT will require progress in developing other standards and best practices for everyone to use.

Intel is collaborating with the Open Interconnect Consortium and the Industrial Internet Consortium, two groups that are working to realize a future of billions of smart devices and components that can communicate over networks.

Developing standards and practices will take time, but the consortiums have already gathered dozens of member companies across a range of industries.

"We're trying to make this as open as possible, because if it becomes proprietary and vertical, it won't proliferate," Cronin said.

16.00 | 0 komentar | Read More

Oracle's Larry Ellison throws down the cloud gauntlet

Oracle CTO and executive chairman Larry Ellison, who just a few years ago famously mocked the notion of cloud computing, has positioned the company as one set up to become the industry's largest cloud player, with something to offer customers at all levels of the stack.

"We couldn't just be a specialist in [software as a service] like a Salesforce.com," Ellison said Sunday during a keynote at Oracle's OpenWorld conference in San Francisco. "We couldn't be a specialist in [infrastructure as a service] like an Amazon."

While Oracle has been building out the various pieces of its cloud portfolio steadily over the past couple of years, it seemed like Ellison saw this year's conference as a chance to tell the industry that the entire meal is now fully baked.

One of the main courses is Oracle's entry into the PaaS (platform as a service) market, with which customers can move on-premises Java applications to Oracle's cloud database and WebLogic server cloud with "a push of a button," Ellison said. Non-Java applications have a home up in Oracle's skies too, as they can run on its IaaS, also with just a push of a button.

Oracle's PaaS also "endows the applications you build with modernity," according to Ellison, who cited its additional services for social, mobility, analytics and identity management.

This is the same stuff Oracle's own development teams use, which is another differentiator, he said.

"No one else offers their platform to extend their SaaS applications," Ellison claimed. "Nobody. Let me be clear. Most of our SaaS competitors don't have any platform at all. If you want to extend [their] application, you press a few buttons and a few levers, and you're done."

Ellison recently stepped down from his long-time role as Oracle CEO, with that title now shared by Mark Hurd and Safra Catz. But he didn't shy away from delivering the competitive barbs for which he's well-known.

For example, as he is prone to do, Ellison pointed out that many of today's most prominent SaaS (software as a service) vendors actually use some Oracle technology under the hood of their products.

One of these is Salesforce.com, although Ellison acknowledged the company as a formidable competitor in CRM (customer relationship management) applications.

"Salesforce is the best of the rest," he said. "At least they have a platform. The other guys, who, Workday? they don't have a platform. Missing in action."

He reserved the coldest cuts for SAP, which has created a PaaS (platform as a service) around its Hana in-memory computing platform.

"I'm going to try to be nice," Ellison said. "It's so hard. I have no idea what runs on Hana. It's rude but it's the truth. And it's kinda funny. What cloud? Let's just talk about Earth. I really like those guys."

SAP's SuccessFactors and Cloud for Sales applications are already running on Hana and work is "well underway" to move SAP's Ariba software to the platform as well, a company spokeswoman said via email after Ellison's remarks. SAP has also said more than 1,500 startups are using Hana to build products.

Ellison also updated the OpenWorld crowd on Oracle's progress in SaaS.

"We have by far the largest portfolio of cloud applications than anybody," he claimed. "We built a lot more in 2014. We bought a lot more in 2014. We definitely had a build-and-buy strategy."

Slide after slide detailing hundreds of SaaS applications flashed on the large screen behind Ellison as he ticked through a laundry list of software categories Oracle has products for in the cloud.

In the past 12 months, Oracle picked up 2,181 total new SaaS customers, according to one slide. More than 1,000 of those bought customer experience applications, while another 959 invested in HCM (human capital management) and 263 in ERP (enterprise resource planning).

Oracle also added 725 customers for Fusion Applications, the homegrown suite it developed at great time and cost. The company is keen to show growth in Fusion continues even as it acquires SaaS vendors and releases new cloud applications.

"2014 is an inflection point for us," Ellison said of Oracle's cloud software. These suites are now all available."

Meanwhile, Oracle's IaaS will have "the same pricing as Amazon or any other IaaS provider," Ellison said. Oracle may have little choice here, given the steady downward pressure on pricing seen in the IaaS market of late.

Underpinning everything is a major emphasis on security at Oracle, according to Ellison. "Security is becoming job one."

Oracle's recently announced M7 chip includes software-on-silicon features aimed not only at performance but also advanced security.

"You've got hardwired protection in the silicon itself protecting against memory violations," which can thwart a malicious program's attack, Ellison said. "It saves you a fortune in finding really difficult bugs. This is a very big deal. it's the most important piece of engineering we've done in security in a very, very long time." The M7 is set for release next year.

More than 60,000 people are attending OpenWorld in person and seven million online viewers are expected to view presentations from the show online, according to Oracle.

16.01 | 0 komentar | Read More