Many Websites Still Exposed

The world’s top 1,000 websites have been updated to protect their servers against the “Heartbleed” vulnerability, but up to 2% of the top million remained unprotected as of last week, according to a California security firm.

On Thursday, Menifee, Calif.-based Sucuri Security scanned the top 1 million websites as ranked by Alexa Internet, a subsidiary of Amazon that collects Web traffic data.

Of the top 1,000 Alexa sites, all were either immune or had been patched with the newest OpenSSL libraries, confirmed Daniel Cid, Sucuri’s chief technology officer, in a Sunday email.

Heartbleed, the nickname for the flaw in OpenSSL, an open-source cryptographic library that enables SSL (Secure Sockets Layer) or TLS (Transport Security Layer) encryption, was discovered independently by Neel Mehta, a Google security engineer, and researchers from security firm Codenomicon earlier this month.

The bug had been introduced in OpenSSL in late 2011.

Because of OpenSSL’s widespread use by websites — many relied on it to encrypt traffic between their servers and customers — and the very stealthy nature of its exploit, security experts worried that cyber criminals either had, or could, capture usernames, passwords,\ and even encryption keys used by site servers.

The OpenSSL project issued a patch for the bug on April 7, setting off a rush to patch the software on servers and in some client operating systems.

The vast majority of vulnerable servers had been patched as of April 17, Sucuri said in a blog postthat day.

While all of the top 1,000 sites ranked by Alexa were immune to the exploit by then, as Sucuri went down the list and scanned smaller sites, it found an increasing number still vulnerable. Of the top 10,000, 0.53% were vulnerable, as were 1.5% of the top 100,000 and 2% of the top 1 million.

Other scans found similar percentages of websites open to attack: On Friday, San Diego-based Websense said about 1.6% of the top 50,000 sites as ranked by Alexa remained vulnerable.

Since it’s conceivable that some sites’ encryption keys have been compromised, security experts urged website owners to obtain new SSL certificates and keys, and advised users to be wary of browsing to sites that had not done so.

Sucuri’s scan did not examine sites to see whether they had been reissued new certificates, but Cid said that another swing through the Web, perhaps this week, would. “I bet the results will be much much worse on that one,” Cid said.

Source

Can Plastic Replace Silicon?

Can plastic materials morph into computers? A research breakthrough recently published brings such a possibility closer to reality.

Researchers are looking at the possibility of making low-power, flexible and inexpensive computers out of plastic materials. Plastic is not normally a good conductive material. However, researchers said this week that they have solved a problem related to reading data.

The research, which involved converting electricity from magnetic film to optics so data could be read through plastic material, was conducted by researchers at the University of Iowa and New York University. A paper on the research was published in this week’s Nature Communications journal.

More research is needed before plastic computers become practical, acknowledged Michael Flatte, professor of physics and astronomy at the University of Iowa. Problems related to writing and processing data need to be solved before plastic computers can be commercially viable.

Plastic computers, however, could conceivably be used in smartphones, sensors, wearable products, small electronics or solar cells, Flatte said.

The computers would have basic processing, data gathering and transmission capabilities but won’t replace silicon used in the fastest computers today. However, the plastic material could be cheaper to produce as it wouldn’t require silicon fab plants, and possibly could supplement faster silicon components in mobile devices or sensors.

“The initial types of inexpensive computers envisioned are things like RFID, but with much more computing power and information storage, or distributed sensors,” Flatte said. One such implementation might be a large agricultural field with independent temperature sensors made from these devices, distributed at hundreds of places around the field, he said.

The research breakthrough this week is an important step in giving plastic computers the sensor-like ability to store data, locally process the information and report data back to a central computer.

Mobile phones, which demand more computing power than sensors, will require more advances because communication requires microwave emissions usually produced by higher-speed transistors than have been made with plastic.

It’s difficult for plastic to compete in the electronics area because silicon is such an effective technology, Flatte acknowledged. But there are applications where the flexibility of plastic could be advantageous, he said, raising the possibility of plastic computers being information processors in refrigerators or other common home electronics.

“This won’t be faster or smaller, but it will be cheaper and lower power, we hope,” Flatte said.

Source

Lavaboom Offers To Encrypt

A new webmail service named Lavaboom promises to provide easy-to-use email encryption without ever learning its users’ private encryption keys or message contents.

Lavaboom, based in Germany and founded by Felix MA1/4ller-Irion, is named after Lavabit, the now defunct encrypted email provider believed to have been used by former NSA contractor Edward Snowden. Lavabit decided to shut down its operations in August in response to a U.S. government request for its SSL private key that would have allowed the government to decrypt all user emails.

Lavaboom designed its system for end-to-end encryption, meaning that only users will be in possession of the secret keys needed to decrypt the messages they receive from others. The service will only act as a carrier for already encrypted emails.

Lavaboom calls this feature “zero-knowledge privacy” and implemented it in a way that allows emails to be encrypted and decrypted locally using JavaScript code inside users’ browsers instead of its own servers.

The goal of this implementation is to protect against upstream interception of email traffic as it travels over the Internet and to prevent Lavaboom to produce plain text emails or encryption keys if the government requests them. While this would protect against some passive data collection efforts by intelligence agencies like the NSA, it probably won’t protect against other attack techniques and exploits that such agencies have at their disposal to obtain data from computers and browsers after it was decrypted.

Security researchers have yet to weigh in on the strength of Lavaboom’s implementation. The service said on its website that it considers making parts of the code open source and that it has a small budget for security audits if any researchers are interested.

Those interested in trying out the service can request to be included in its beta testing period, scheduled to start in about two weeks.

Free Lavaboom accounts will come with 250MB of storage space and will use two-way authentication based on the public-private keypair and a password. A premium subscription will cost a!8 (around US$11) per month and will provide users with 1GB of storage space and a three-factor authentication option.

Source

BlackBerry To Patch For Heartbleed

BlackBerry Ltd said it will release security updates for messaging software for Android and iOS devices by Friday to address vulnerabilities in programs related to the “Heartbleed” security threat.

Researchers last week warned they uncovered Heartbleed, a bug that targets the OpenSSL software commonly used to keep data secure, potentially allowing hackers to steal massive troves of information without leaving a trace.

Security experts initially told companies to focus on securing vulnerable websites, but have since warned about threats to technology used in data centers and on mobile devices running Google Inc’s Android software and Apple Inc’s iOS software.

Scott Totzke, BlackBerry senior vice president, told Reuters on Sunday that while the bulk of BlackBerry products do not use the vulnerable software, the company does need to update two widely used products: Secure Work Space corporate email and BBM messaging program for Android and iOS.

He said they are vulnerable to attacks by hackers if they gain access to those apps through either WiFi connections or carrier networks.

Still, he said, “The level of risk here is extremely small,” because BlackBerry’s security technology would make it difficult for a hacker to succeed in gaining data through an attack.

“It’s a very complex attack that has to be timed in a very small window,” he said, adding that it was safe to continue using those apps before an update is issued.

Google spokesman Christopher Katsaros declined comment. Officials with Apple could not be reached.

Security experts say that other mobile apps are also likely vulnerable because they use OpenSSL code.

Michael Shaulov, chief executive of Lacoon Mobile Security, said he suspects that apps that compete with BlackBerry in an area known as mobile device management are also susceptible to attack because they, too, typically use OpenSSL code.

He said mobile app developers have time to figure out which products are vulnerable and fix them.

“It will take the hackers a couple of weeks or even a month to move from ‘proof of concept’ to being able to exploit devices,” said Shaulov.

Technology firms and the U.S. government are taking the threat extremely seriously. Federal officials warned banks and other businesses on Friday to be on alert for hackers seeking to steal data exposed by the Heartbleed bug.

Companies including Cisco Systems Inc, Hewlett-Packard Co, International Business Machines Corp, Intel Corp, Juniper Networks Inc, Oracle Corp Red Hat Inc have warned customers they may be at risk. Some updates are out, while others, like BlackBerry, are rushing to get them ready.

Source

Juniper Boots Employees

Juniper Networks plans to reduce its global workforce by six percent and focus on its high-growth businesses. Juniper said most of the cuts would impact middle management positions and that it expected to incur cash charges of about $35 million in the first quarter, related to severance and other expenses. The company had 9,483 full-time employees as of December 31.

Juniper also said it would stop development of the application delivery controller technology, which helps remove excess load from servers, resulting in a non-cash intangible asset impairment charge of about $85 million. The company said it plans to consolidate its facilities, flog off of about 300,000 square feet of leased facilities.

Juniper added that it expected to record other non-cash asset write-downs of about $10 million in the first quarter and that it expects to carry out more restructuring in the second quarter.

Hedge fund Elliott recently claimed that Juniper shares were “undervalued” and could be worth $35-$40 if Juniper focused on revamping its core business of making routers and switches for mobile carriers such as Verizon and AT&T. Shares of Juniper are currently worth at $26.35.

Source

Oracle Updates NoSQL

Oracle has announced the availability of the latest edition of its NoSQL datatabase.

NoSQL is Oracle’s distributed key-value database. Now in it’s third version, the enhancements this time are heavily centred around security and business continuity.

Oracle NoSQL 3.0 features improvements in security with cluster-wide password based user authentication and integration with Oracle Wallet. Session level Secure Socket Layer (SSL) encryption and network port restriction are also included.

For disaster recovery and prevention, there’s automatic fail-over to metro-area secondary data centres, while secondary server zones can be used to offload read-only workloads to take the pressure off primary servers under stress.

For developers, there is added support for tabular data models that Oracle claims will simplify application design and improve integration with SQL based applications, while secondary indexing improves query performance.

“Oracle NoSQL 3.0 helps organisations fill the gap in skills, security and performance by delivering […] enterprise-class NoSQL database that empowers database developers and DBAs to easily, intuitively and securely build and deploy next generation applications,” said Oracle’s EVP of Database Server Technologies, Andrew Mendelsohn.

It’s already been a big week for the SQL community with NoSQL arriving on MariaDB for the first time, courtesy of a tie-up between SkySQL, Google and IBM on Tuesday, while yesterday Fusion-IO announced the use of Non-volatile memory (NVM) compression in MySQL to increase the capacity of SSD storage.

Both the community and enterprise versions of Oracle NoSQL Database 3.0 are available for download now from the Oracle Technology Network.

Source

IT Dissatisfaction Growing

Companies want to reduce spending on IT operations and infrastructure and shift resources to revenue-producing areas, according to two new studies. But businesses leaders and IT executives are also registering higher levels of dissatisfaction with IT as more demands are placed on technology.

The reports, by the Hackett Group and McKinsey & Co., both agree that business executives want IT to do more to improve the bottom line while companies spend less on infrastructure in the process.

The bad news for people who work in IT operations is that large businesses expect to cut IT staff positions by about 2% this year, thanks to automation and outsourcing, according the Hackett’s survey of 160 businesses with revenues above $1 billion.

One path to improved automation will likely be through adoption of software-defined infrastructures, something Bank of America plans to do.

IT budgets will grow by 1.7% this year as IT pivots, increasingly, from a service-providing operation to a revenue-generating one, the Hackett Group said in its study.

IT managers are being told that “you’ve got to grow the business, not just run the business,” said Mark Peacock, an IT transformation practice leader and principal at Hackett.

McKinsey & Co., in its online survey of more than 800 executives — with 345 having a technology focus — also found that executives want less of their budgets to go to infrastructure so more resources can be shifted to analytics and innovation.

The McKinsey survey found that business executives are less likely to say now that IT performs effectively, compared to their views two years ago.

“The IT executives are even more negative,” wrote McKinsey, with only 13% of them saying their IT organizations “are completely or very effective at introducing new technologies faster or more effectively than competitors.” That percentage was down from 22% in 2012.

The negative results “likely reflect the overall rising expectations for corporate IT,” wrote McKinsey.

When asked how to fix IT shortcomings, respondents cited improved business accountability, more funds for priority projects and a higher the level of IT talent, the report said.

The Hackett Group survey didn’t report on dissatisfaction, but it did find that the top goal for IT organizations this year is “to strengthen partnership and goal alignment between IT and the business.”

Source

Cisco Goes To The Cloud

Cisco Systems Inc will offer cloud computing services, pledging to spend $1 billion over the next two years to make a foray into a market currently dominated by the world’s biggest online retailer Amazon.com Inc, the Wall Street Journal reported.

Cisco said it will spend the amount to build data centers to help run the new service called Cisco Cloud Services, the Journal reported.

Cisco, which mainly deals in networking hardware, wants to take advantage of companies’ desire to rent computing services rather than buying and maintaining their own machines.

Enterprise hardware spending is dwindling across the globe as companies cope with shrinking budgets, slowing or uncertain economies and a fundamental migration to cloud computing, which reduces demand for equipment by outsourcing data management and computing needs.

“Everybody is realizing the cloud can be a vehicle for achieving better economics (and) lower cost,” the Journal quoted Rob Lloyd, Cisco’s president of development and sales as saying.

“It does not mean that we’re embarking on a strategy to go head-to-head with Amazon.”

Microsoft Corp last year said it was cutting prices for hosting and processing customers’ online data in an aggressive challenge to Amazon’s lead in the growing business of cloud computing.

Cisco could not be immediately reached for comment by Reuters outside regular U.S.business hours.

Source

Does B&N Have A Buyer?

Investment firm G Asset Management said on Friday that it had offered to acquire a 51 percent stake in either Barnes & Noble Inc or in the bookseller’s Nook digital business.

The little known firm said the proposal for Barnes & Noble as a whole would be for $22 per share, which would value the top U.S. bookstore chain at $1.32 billion. It comes after earlier proposal in November for $20 per share, its second.

G Asset, which not did detail how it would finance a deal, also made an alternative offer to buy Nook for $5 per share, saying spinning off the digital books and device business would create “substantial shareholder value.”

The latest offer for the whole company would value Barnes & Noble at $1.32 billion, while the proposal for Nook would value that unit at about $300 million.

The firm has previously pressed the company to spin off its Nook unit from Barnes & Noble’s bookstore and college units.

Michael Glickstein, G Asset’s Chief Investment Officer, and the only person listed on the firm’s website, did not immediately return a request for comment.

Barnes & Noble shares were up 5.8 percent at $17.75 in afternoon trading after going as high as $19.12 after the news was released, suggesting Wall Street analysts were doubtful a deal would get done.

A Barnes & Noble spokeswoman declined to comment beyond confirming that the company had received G Asset’s offer.

The original Nook device was launched in 2009 to help Barnes & Noble fend off Amazon.com Inc and allowed the retailer to win as much as 27 percent of the U.S. e-books market.

But the company lost hundreds of millions of dollars trying to keep pace with deep-pocketed rivals such as Amazon, Apple Inc and Google Inc. It has scaled back its Nook business and focusing more on content and software.

Two years ago, Microsoft Corp invested $300 million in the Nook unit for a 17.6 percent stake, valuing the division at $1.7 billion. In late 2012, Pearson PLC took a 5 percent stake in Nook for $89.5 million.

Source

Dell Goes A4WP

Dell has become the first major PC OEM to join the Alliance for Wireless Power (A4WP) group, joining over 80 existing members Broadcom, Gill Electronics, IDT, Intel, Qualcomm and Samsung.

Dell’s membership means it could soon be developing mobile devices that do not require a wired power adapter to charge.

The A4WP aims to standardise wireless power transfer using near-field magnetic resonance technology called “rezence”, which seeks to liberate mobile devices from wired chargers, charging multiple devices simultaneously without the need to dock the devices.

“Power levels and charging speed will meet the expectations of today’s ‘always on, always connected’ user,” the A4WP said. “Users can simply ‘drop and go’ their devices onto a charging surface without the hassle of accurate positioning or alignment.”

Along with the news that Dell will jump on board to unshackle users from the curse of wired chargers, A4WP is also introducing a secondary, higher-powered project focusing on wirelessly charging electronic products from 20 to 50 watts, like ultrabooks, laptops, and mid-powered appliances.

“Dell’s addition to the Alliance signifies the importance of defining a wireless power standard that spans these higher power levels thus expanding the range of electronics beyond smartphones,” the group added.

A4WP said it believes the development of magnetic resonance technology will improve the customer experience when it comes to charging and will bring the capability into more homes and businesses over the next few years.

It also said that its development of wireless charging technology will help benefit both industry and consumers as the specification powers broadly adopted wireless technologies such as Bluetooth Smart, “which simplifies development and manufacturing”.

Source

« Previous Page — Next Page »