Verizon Fixes Serious Securty Flaw In FiOS

Verizon corrected a serious vulnerability in its My FiOS mobile application that granted unfettered access to email accounts, according to a developer who found the problem.

Randy Westergren, a senior software developer with XDA Developers, looked at the Android version of My FiOS, which is used for account management, email and scheduling video recordings.

“Since Verizon has a good amount of my information, I thought it would be a good candidate for research,” Westergren wrote on his personal blog. “I was right, and the results were astonishing.”

The flaw, contained in the application’s API, could have allowed an attacker to read individual messages from a person’s Verizon inbox and even send emails from an account, he wrote.

Westergren looked at the traffic sent back and forth between My FiOS and Verizon’s servers. He found My FiOS would return the content of someone else’s email inbox by simply substituting a different user ID in a request.

He contacted Verizony, which later acknowledged the problem. Verizon issued a fix last Friday, Westergren wrote.

“Verizon’s security group seemed to immediately realize the impact of this vulnerability and took it very seriously,” Westergren wrote. “They were very responsive during this process and even arranged for a free year of FiOS Internet service as a token of their gratitude.”

Source

Net Neutrality Vote Coming Next Month

The U.S. Federal Communications Commission will finally vote on new net neutrality rules in their February meeting.

FCC Chairman Tom Wheeler will bring a proposal to a vote during the commission’s Feb. 26 meeting, FCC spokeswoman Kim Hart said Friday, following a report in the Washington Post.

It’s unclear, however, what form those rules will take. Hart declined to comment further on the net neutrality order Wheeler plans to circulate in February.

Many telecom policy experts had expected the FCC to take action on net neutrality early this year after a year-long fight over the issue.

Nearly a year ago, a U.S. appeals court threw out a large portion of net neutrality rules the FCC approved in late 2010. The court ruled that the FCC’s rules came too close to common carrier regulations when the commission didn’t take the step of reclassifying broadband providers as regulated utilities. The court, however, pointed to a couple if sections of the Telecommunications Act that the FCC could use to pass net neutrality regulations.

After launching a net neutrality proceeding in early 2014, the FCC has received nearly 4 million public comments about proposed regulations. Wheeler originally proposed that the FCC adopt rules that would allow broadband providers to engage in “commercially reasonable” traffic management, and in limited cases, charge Web content providers and services for prioritized traffic.

But many people filing comments, and groups like Free Press and Public Knowledge, called on the FCC to pass stronger rules prohibiting traffic prioritization deals. Many advocates of strong net neutrality rules want the FCC to reclassify broadband as a regulated public utility, while exempting them from some common carrier rules, like price regulation.

Recent news reports have suggested Wheeler is leaning toward so-called hybrid net neutrality rules that would classify a part of broadband service as a regulated public utility.

Source

Samsung Goes With Tizen

Samsung Electronics Co Ltd has announced that all its new smart television products launched in 2015 will be powered by the Tizen operating system, marking a fresh effort by the company to increase the usage of the software platform.

Smart TVs offer additional software and connectivity functions, such as video streaming and web browsing capabilities. Samsung demonstrated TV sets powered by Tizen at developer conferences last year.

“We are focusing our efforts on Tizen right now,” Kim Hyun-suk, Samsung’s president of visual display business, told Reuters in an interview. “We hope that other TV makers will also use it and help build an ecosystem that will help the platform grow.”

Televisions would be an addition to the modest stable of Tizen products, which consists of a few smartwatches and cameras despite years of development and support by the world’s top maker of smartphones and TVs.

The platform represents the most visible effort on the software front by Samsung, which has sought to free itself from Google Inc’s Android platform.

But Tizen has so far failed to take off, due in part to Samsung’s failure to launch a smartphone powered by the system. Some analysts are skeptical about the platform’s viability despite Samsung’s standing as top smartphone maker, especially as Android and Apple Inc’s iOS tighten their grip in the smartphone sector.

Developers say that until there is a meaningful user base for Tizen they will have little incentive to make innovative software applications for the system, deemed crucial if Samsung is to convince wary consumers to try it out.

While the launch of Tizen-based TVs will increase the platform’s user base, it is unclear if that alone will be enough to pique developers’ interest. Users of smart TVs tend to use fewer apps than they would on smartphones.

Still, the operating system is expected to play a key role in Samsung’s smart-home business. Tizen can also run on devices with low computing power such as refrigerators and washing machines, offering a way for users to monitor and control such devices remotely.

Source

Can The USPS Win At E-commerce?

Dealing with a decline in the mail it has been delivering since the days of America’s Revolutionary War, in 2012 the U.S. Postal Service began aggressively targeting e-commerce and lapsed customers as the way to salvage its slumping business.

“Really it started almost at the level of cold-calling, talking to people who really hadn’t spoken to us in a long time,” said Nagisa Manabe, who joined the USPS in May 2012 as chief marketing and sales officer from Coca-Cola Co after a career in the private sector. “And really trying to persuade them to consider us as a very viable alternative in the shipping market.”

With further drops in its traditional bread-and-butter products ahead, the USPS wants to capitalize on e-commerce, which consulting firm Detroit LLP has predicted should grow 14 percent this holiday season alone. But industry experts question whether the USPS has enough space in its delivery vans and whether its unionized work force can handle a greater proportion of the e-commerce market.

Over the past two years the USPS has rolled out real-time scanning for packages, a vital tool for online retailers and consumers alike to track their packages. It is also upgrading all of its delivery workers’ handheld scanners.

The rise of the Internet has taken a heavy toll on first-class mail, the USPS’s most profitable product. That falling business played a significant role in the USPS’s fiscal 2014 loss of $5.5 billion, its eighth consecutive year in the red.

From 2009 to 2013, the volume of first-class mail deliveries dropped more than 20 percent. In the fiscal year ending Sept. 30, USPS deliveries declined to 155.4 billion pieces from 158.2 billion. First-class deliveries accounted for 2.2 billion pieces of that decline.

But package deliveries rose to more than 4 billion pieces from 3.7 billion, accounting for $1.1 billion of the USPS’s revenue growth of $1.9 billion. In the run-up to Christmas, the USPS has been doing Sunday deliveries for Amazon.com Inc in a number of cities. Manabe adds that the agency will handle the online retailer’s push into same-day and next-day deliveries “in many markets.”

EBay Inc is another major customer and Manabe says “pretty much anyone who’s in the e-commerce space at least does some volume with us.”

Source

Oracle Acquires Datalogix

On Monday, Oracle agreed to purchase Datalogix for an undisclosed sum, saying that together the companies will provide marketers with a richer understanding of what consumers do, say and buy, allowing them to measure the effectiveness of their different campaigns and advertising channels.

Oracle plans to link the Datalogix service, which provides the spending data to customers through a cloud-based tool, to its other cloud-based services via Oracle Identity Graph. This, it said, will allow it to connect consumer identities to build better profiles that can be used to personalize online and mobile services — and even to target them offline and via the TV.

It made no commitment to maintain the existing Datalogix product roadmap, saying that it was still reviewing its plans. The companies set no timeline for completing the deal, which they said must meet customary closing conditions including obtaining regulatory approval.

Source

Google Moves To Drop CAPTCHA

Google announced that it is trying to get rid of those annoying CAPTCHAs required by websites, which is short for Completely Automated Public Turing test to tell Computers and Humans Apart.

Instead of requiring that users fill in the letters and numbers shown in a distorted image, sites that use Google’s reCAPTCHA service will be able to use just one click, answering a simple question: Are you a robot?

“reCAPTCHA protects the websites you love from spam and abuse,” wrote Vinay Shet, product manager for Google’s reCAPTCHA service, in a blog post. “For years, we’ve prompted users to confirm they aren’t robots by asking them to read distorted text and type it into a box… But, we figured it would be easier to just directly ask our users whether or not they are robots. So, we did! ”

Google on Wednesday began rolling out a new API that rethinks the reCAPTCHA experience.

CAPTCHA “can be hard to read and frustrating for people, particularly on mobile devices,” said Zeus Kerravala, an analyst with ZK Research. “People often have to put in the text several times. On the surface, this seems a good way to improve the user experience. It still requires human intervention, just something simpler.”

CAPTCHAs were created to foil computer programs that hackers or spammers use to troll for access to websites or to collect email addresses.

Google said CAPTCHAs are less useful than they have been, although they are still frustrating to everyday users.

“CAPTCHAs have long relied on the inability of robots to solve distorted text,’ wrote Shet. “However, our research recently showed that today’s artificial intelligence technology can solve even the most difficult variant of distorted text at 99.8% accuracy. Thus distorted text, on its own, is no longer a dependable test.”

The new API, along with Google’s ability to analyze a user’s actions — before, during, and after clicking on the reCAPTCHA box — let’s the new technology figure out if the user is human or not.

“The new API is the next step in this steady evolution,” Shet stated. “Now humans can just check the box and in most cases, they’re through the challenge.”

Source

Twitter To Track Mobile Users

Twitter Inc has plans to start tracking what third-party apps are installed on users’ mobile devices so the social media company can deliver more tailored content, including ads, the company has revealed.

The feature, called “app graph,” will allow the company to see what other applications users may have installed on phones or other devices.

“To help build a more personal Twitter experience for you, we are collecting and occasionally updating the list of apps installed on your mobile device so we can deliver tailored content that you might be interested in,” the company said on its site.

The posting also included instructions on how to turn the feature off. Twitter is not collecting data from within the applications, the posting noted.

Twitter, whose main service allows users to broadcast 140-character messages, has been searching for ways to re-invigorate user engagement and drive growth. As part of that effort, the company is considering creating additional mobile applications beyond its core messaging service.

Source

McAfee’s Biometric Software Coming Soon

A McAfee security product that will use biometric technology to authenticate users will be available for download by the end of the year, said Kirk Skaugen, senior vice president and general manager of the PC Client Group at Intel, last week.

“Your biometrics basically eliminate the need for you to enter passwords for Windows log in and eventually all your websites ever again,” Skaugen said.

Further product details were not immediately available. But one of the major inconveniences in using PCs and tablets is remembering passwords, which biometrics can tame.

An average user has about 18 passwords and biometric authentication will make PCs easier to use, Skaugen said.

Biometric authentication isn’t new. It’s being used in Apple Pay, where fingerprint authentication helps authorize credit card payments through the iPhone or iPad. Intel has been working on multiple forms of biometric authentication through fingerprint, gesture, face and voice recognition.

McAfee is owned by Intel, and the chip maker is building smartphone, tablet and PC technology that takes advantage of the security software. Intel has also worked on biometric technology for wearable devices like SMS Audio’s BioSport In-Ear Headphones, which can measure a person’s heart rate.

Intel also wants to make PCs and tablets easier to use through wireless charging, display, docking and data transfers. Such capabilities would eliminate the need to carry power brick and cables for displays and data transfers. Such capabilities will start appearing in laptops next year with sixth-generation Core chips code-named Skylake, which will be released in the second half.

Source

Should Encryption Be The Norm?

Encryption should be a matter of priority and used by default. That’s the message from the Internet Architecture Board (IAB), the worldwide body in charge of the internet’s technology infrastructure.

The IAB warned in a statement that “the capabilities and activities of attackers are greater and more pervasive than previously known”.

It goes on to say: “The IAB urges protocol designers to design for confidential operation by default. We strongly encourage developers to include encryption in their implementations, and to make them encrypted by default.

“We similarly encourage network and service operators to deploy encryption where it is not yet deployed, and we urge firewall policy administrators to permit encrypted traffic.”

The purpose, the IAB claims, is to instill public trust in the internet after the myriad high-profile cases in which computer traffic has been intercepted, ranging from bank details to email addresses and all points in between.

The news will be unwelcome to the security services, which have repeatedly objected to initiatives such as the default encryption in iOS8 and Android L, claiming that it is in the interest of the population to retain the right to intercept data for the prevention of terrorism.

However, leaked information, mostly from files appropriated by rogue NSA contractor Edward Snowden, suggests that the right of information interception is abused by security services including the UK’s GCHQ.

These allegations include the collection of irrelevant data, the investigation of cold cases not in the public interest, and the passing of pictures of nude ladies to colleagues.

Source

New Data Suggest IT Hiring Increasing

Whenever IT hiring increases, as it did last month, the default explanation from analysts is this: The economy is improving.

That might be true, and it may well explain the U.S. Department of Labor’s report today that showed the U.S., overall, added 214,000 jobs last month.

Of that total employment gain, IT hiring grew by 7,800 jobs in October, compared with a gain of 6,900 jobs in September, according to TechServe Alliance, an IT industry group.

Another IT labor analyst group, Janco Associates, calculated last month’s IT gains at 9,500 jobs.

Government data can be reported in different ways, depending on which job categories are included in the IT job estimates, and it is why analysts report job numbers differently.

Hiring trends are also affected by Labor Department adjustments, and the government’s adjusted data adds nearly 25,000 telecom jobs over the past two months, according to Janco. Because of this adjustment, Janco termed the recent growth in IT over the past several months “explosive,” while TechServe put last month’s results as “modestly stronger.”

There is no one reason for October’s gain. An improving economy may be at the heart of any answer. Independent of the government numbers, Computer Economics, in a recent report on contingent versus full-time hiring, said it is seeing a drop in the use of contract workers at large companies and more reliance on full-time workers, which is a sign of an improving economy.

Source

« Previous Page — Next Page »