Twitter’s Authentication Has Vulnerabilities
June 6, 2013 by admin
Filed under Around The Net
Twitter’s SMS-based, two-factor authentication feature could be abused to lock out users who have not enabled it for their accounts, if attackers gain access to their log-in credentials, according to researchers from Finnish antivirus vendor F-Secure.
Twitter introduced two-factor authentication last week as an optional security feature in order to make it harder for attackers to hijack users’ accounts even if they manage to steal their usernames and passwords. If enabled, the feature introduces a second authentication factor in the form of secret codes sent via SMS.
According to Sean Sullivan, a security advisor at F-Secure, attackers could actually abuse this feature in order to prolong their unauthorized access to those accounts that don’t have two-factor authentication enabled. The researcher first described the issue Friday in a blog post.
An attacker who steals someone’s log-in credentials, via phishing or some other method, could associate a prepaid phone number with that person’s account and then turn on two-factor authentication, Sullivan said Monday. If that happens, the real owner won’t be able to recover the account by simply performing a password reset, and will have to contact Twitter support, he said.
This is possible because Twitter doesn’t use any additional method to verify that whoever has access to an account via Twitter’s website is also authorized to enable two-factor authentication.
When the two-factor authentication option called “Account Security” is first enabled on the account settings page, the site asks users if they successfully received a test message sent to their phone. Users can simply click “yes,” even if they didn’t receive the message, Sullivan said.
Instead, Twitter should send a confirmation link to the email address associated with the account for the account owner to click in order to confirm that two-factor authentication should be enabled, Sullivan said.
As it is, the researcher is concerned that this feature could be abused by determined attackers like the Syrian Electronic Army, a hacker group that recently hijacked the Twitter accounts of several news organizations, in order to prolong their unauthorized access to compromised accounts.
Some security researchers already expressed their belief that Twitter’s two-factor authentication feature in its current implementation is impractical for news organizations and companies with geographically dispersed social media teams, where different employees have access to the same Twitter account and cannot share a single phone number for authentication.
Twitter did not immediately respond to a request for comment regarding the issue described by Sullivan.
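The enrollment weakness Sullivan describes, and the email-confirmation fix he proposes, in a simulated enrollment flow. This is an added, constructed example and not Twitter’s code; the `Account` and `EnrollmentService` classes, the in-memory outboxes, and the phone number and email address are all invented for the illustration.

```python
import hmac
import secrets

class Account:
    def __init__(self, email):
        self.email = email
        self.phone = None
        self.two_factor_enabled = False

class EnrollmentService:
    def __init__(self):
        self.sms_outbox = {}    # phone number -> code delivered to it
        self.email_outbox = {}  # account email -> confirmation token
        self.pending = {}       # account email -> (phone, code, token)

    def start(self, account, phone):
        # Real code to the new phone, confirmation token to the email on file.
        code = f"{secrets.randbelow(10**6):06d}"
        token = secrets.token_urlsafe(16)
        self.sms_outbox[phone] = code
        self.email_outbox[account.email] = token
        self.pending[account.email] = (phone, code, token)

    def weak_confirm(self, account, phone, user_says_received):
        # The flow the article describes: the session asserts the test
        # message arrived and nothing is verified.
        if user_says_received:
            account.phone = phone
            account.two_factor_enabled = True
        return account.two_factor_enabled

    def confirm(self, account, sms_code, email_token):
        # Hardened flow: code proves possession of the phone, token proves
        # the holder of the existing mailbox agreed to the change.
        entry = self.pending.get(account.email)
        if entry is None:
            return False
        phone, code, token = entry
        if (hmac.compare_digest(sms_code, code)
                and hmac.compare_digest(email_token, token)):
            account.phone = phone
            account.two_factor_enabled = True
            del self.pending[account.email]
        return account.two_factor_enabled

def scenarios():
    """Stolen password plus a prepaid phone, but no access to the mailbox."""
    svc = EnrollmentService()
    weak = svc.weak_confirm(Account("owner@example.com"), "+15550000001", True)
    acct = Account("owner@example.com")
    svc.start(acct, "+15550000001")
    code = svc.sms_outbox["+15550000001"]          # hijacker reads own phone
    hijack = svc.confirm(acct, code, "not-the-token")
    owner = svc.confirm(acct, code, svc.email_outbox[acct.email])
    return {"weak_enabled": weak, "hijack_blocked": not hijack, "owner_ok": owner}
```

In the weak flow the feature is enabled with no proof at all; in the hardened flow a session that controls the password and the new phone but not the account’s mailbox cannot complete enrollment.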
Lenovo Soars
PC sales in China and high growth in smartphone sales helped boost Lenovo’s net profit for its fiscal fourth quarter by 90% year-over-year.
For the quarter ended March 31, Lenovo’s net profit was $127 million, the company said on Thursday. Revenue shattered records and was at $7.8 billion, growing 4% from the same period last year.
In Lenovo’s home market of China, the company had an operating margin of 4.9%, an increase of 8% year-over-year. The company also saw continued profitability in its mobile devices business, which makes up 9% of its overall sales. At the end of the quarter, Lenovo’s smartphone shipments were up 206% year-over-year.
Globally, PC shipments were down 13.9% year-over-year in the quarter, the market’s steepest decline since research firm IDC began tracking the market in 1994. Lenovo itself posted flat year-over-year PC shipment growth in the period.
Smartphone and tablet popularity have hurt PC sales, according to analysts. Computers running Microsoft’s Windows 8 have also failed to drum up consumer interest in the previous two quarters.
Lenovo, however, has managed to weather the slowdown by taking advantage of the Chinese PC market, where it has an over 30% market share. Close to half of the company’s revenue comes from the country, now the world’s largest PC market.
The company is now close to surpassing leading PC vendor HP for the top spot. Lenovo had a 15.3% share of the market in this year’s first quarter, while HP had a 15.7% share.
But the Chinese PC maker also plans to focus more of its investment on tablets, smartphones and enterprise hardware, the company’s CEO Yang Yuanqing said in a statement. Earlier this year, Lenovo also reorganized its operations to sharpen the company’s branding and compete better in high-end products.
For the current fiscal year, Lenovo aims to ship 50 million smartphones, up from 30 million last year, Yang said Thursday in an earnings call. It aims to ship 10 million tablets, a five-fold increase from the previous fiscal year.
Most of Lenovo’s smartphone sales come from China, but the company has also begun selling handsets in the emerging markets of Russia, India, Indonesia, the Philippines and Vietnam. In addition, Lenovo is preparing to bring its smartphones to the U.S. and European markets, Yang said, without saying when.
Yahoo On A Buying Spree
Yahoo has purchased a mobile gaming company, Loki Studios, taking its total acquisitions this month to four.
The company said over the weekend it welcomed Loki, Astrid, GoPollGo and MileWise to its growing mobile team. “We recently added 22 entrepreneurs to our growing mobile team,” the company said in a Twitter message in a possible reference to some of the people from the four companies who have moved to Yahoo.
Loki’s flagship application is its location-aware game, Geomon. “We are thrilled to be joining the exceptional folks at Yahoo!. We believe fully in their commitment to creating outstanding mobile products,” the Loki team said on their website.
Earlier in the week, Yahoo also acquired GoPollGo, a social polling tool. The company’s founder and team said they were moving to Yahoo, and would no longer be supporting their offerings.
It is not clear whether Yahoo has bought all these companies for their products and technology or just to get their experienced staff in the area of mobile as it tries to build up its own mobile capabilities. The way the services are being shut down suggests that their user base did not particularly interest Yahoo. The company could not be immediately reached for comment.
Will Oracle Retire MySQL?
MySQL founder Michael “Monty” Widenius claims that Oracle is killing off his MySQL database, and he is recommending that people move to his new project, MariaDB. In an interview with Muktware, Widenius said MariaDB, which is also open source, is on track to replace MySQL at WikiMedia and other major organizations and companies.
He said MySQL was widely popular long before it was bought by Sun because it was free and had good support. There was a rule that anyone should be able to get MySQL up and running in 15 minutes. Widenius was concerned about MySQL’s sale to Oracle and has been watching as the popularity of MySQL has declined. He said that Oracle was making a number of mistakes. First, the new ‘enterprise’ extensions in MySQL are closed source, the bug database is not public, and the MySQL public repositories are no longer actively updated.
Widenius said that security problems were neither communicated nor addressed quickly, and that instead of fixing bugs, Oracle is removing features. It is not all bad: some of Oracle’s new code is surprisingly good, he said, but the quality varies and a notable part needs to be rewritten before it can be included in projects like MariaDB. Widenius said that it is impossible for the community to work with the MySQL developers at Oracle, as it doesn’t accept patches, does not have a public roadmap, and there is no way to discuss with MySQL developers how to implement things or how the current code works.
Basically, Oracle has made the project less open and its popularity has tanked, while at the same time more open versions of the code, such as MariaDB, are rising in popularity.
SOA’s New API Goes To The Cloud
SOA Software has launched an application programming interface (API) gateway today that allows businesses to expose their APIs with a built-in, cloud-based developer community, helping them grow their services and get up and running more quickly.
The firm’s CTO Alistair Farquharson said the API Gateway is unique due to it being a new concept in API and SOA management, aiming to “deliver new advantages in the application-level security space”.
“The new API Gateway provides monitoring, security, and more uniquely, a developer community as well, so kind of a turnkey approach to an API gateway where a customer can buy that product, get it up and running, expose their API and expose the developer community to the outside world,” Farquharson said.
“[It will] support and manage the porting of mobile applications or web apps or B2B partnerships.”
Farquharson explained that there are three main components within the Gateway, which SOA Software has termed a “unified services gateway”, including a runtime component, a policy manager, and a developer community.
The runtime component handles the message traffic, whereas the policy manager component manages a range of different policies, such as threat protection, authentication, authorisation, anti-virus, monitoring, auditing and logging.
“The whole objective here is to get a customer up and running with APIs as quickly as possible to meet some kind of a business need that they have, whether that’s a mobile application initiative or a web application, integration or syndication,” Farquharson added.
The third component is the cloud-based “developer community”, which exposes an organisation to the outside world so developers can take a look at its APIs, read its documentation, and figure out how to interact with them.
It’s this component that sets SOA Software’s Gateway apart from other firms offering similar appliances on the market, claims Farquharson.
“It essentially becomes the developer site for your organisation, with it all running on a single appliance which is rather unique,” he added.
“The interesting thing about the gateway is that it does APIs as well as services [that are] needed for mobile devices, so you have the old and the new encapsulated in the single appliance, which is very important to our customers.”
The developer community is offered through the API as a service, “like the Salesforce of APIs”, Farquharson said.
“Developers can go there and build their community and it provides them with high-level service and availability and a global infrastructure and leverage the strength of their community to get themselves going.”
Xerox Moving Into IT Services
Printer and copier maker Xerox Corp forecast current-quarter earnings below estimates as it quickens efforts to transform itself into a technology services provider.
Xerox, whose shares were little changed at midday, also offers services such as managing toll systems and healthcare programs to counter sluggish growth in its printers and copiers business, which accounts for about 40 percent of its revenue.
Services are now the larger part of the company’s business, and lower margins in IT and business process outsourcing are dragging down overall margins.
The company said it expects second-quarter revenue from its document technology business, which includes printers and copiers, to decline in the mid-single digits. Revenue fell 9 percent to $2.14 billion in the business in the first quarter.
Based in Norwalk, Connecticut, Xerox moved into business services with its purchase of Affiliated Computer Services Inc (ACS) for $5.5 billion in 2009 – the company’s biggest deal in its 106-year history.
Xerox said it plans to quicken the pace of a restructuring plan kicked off in the last quarter of 2012 and included a 2-cent restructuring charge in its second-quarter forecast.
Xerox said on a conference call with analysts that it expects flattish revenue for the full year, compared with previous expectations of up to 2 percent growth.
The company said it was on track to reach its target of adjusted EPS of $1.09 to $1.15 for the full year and to generate operating cash flow of $2.1 billion to $2.4 billion.
“Europe remains weak. US remains stable, but weak. We have not seen a pickup in the US,” Xerox CEO Ursula Burns said on a conference call with analysts.
“We did see a slowdown, a bit of a slowdown, in some developing market economies. But our business model is fairly resilient in the developing markets,” she said.
Citrix Goes To The Cloud
Citrix System’s GoToWebcast has become generally available in North America and Europe, offering users a cloud-based webcasting tool for up to 5,000 participants.
The subscription-based GoToWebcast allows users to broadcast unlimited audio and video presentations to live and on-demand audiences that can access them using mobile devices such as Apple’s iPhones and iPads, or Android-based smartphones and tablets.
To simplify administration, GoToWebcast has a five-step wizard that walks users through setting up their event. Users are first asked to schedule the event, including deciding the audience size and whether the webcast should be available on demand or live with an archive. Users are then asked to select registration alternatives and multimedia options, choose what content to upload, and finally decide on security and email settings.
In addition to audio and video, users can upload presentation documents, chat with attendees, conduct polls and link to social media channels. Citrix didn’t announce any pricing for the new service, only saying that users pay a fixed monthly fee.
The company also released a beta version of GoToWebinar with HDFaces for the 500- and 1,000-attendee plans. HDFaces is a video conferencing technology that lets up to six presenters lead interactive Q&A sessions, host panel discussions, or do demonstrations in high-definition.
The announcement comes after the recently announced availability of HDFaces for up to 100 participants in GoToWebinar and GoToTraining sessions, as Citrix adds high-definition video across its GoTo portfolio.
IBM’s Next-gen Transistors Mimic Human Brain
IBM has discovered a way to make transistors that could be turned into virtual circuitry that mimics how the human brain operates.
The new transistors would be made from strongly correlated materials, such as metal oxides, which researchers say can be used to build more powerful — but less power-hungry — computation circuitry.
“The scaling of conventional-based transistors is nearing an end, after a fantastic run of 50 years,” said Stuart Parkin, an IBM fellow at IBM Research. “We need to consider alternative devices and materials that operate entirely differently.”
Researchers have been trying for years to find ways of changing the conductivity state of strongly correlated materials. Parkin’s team is the first to convert metal oxides from an insulating to a conducting state by applying oxygen ions to the material. The team recently published details of the work in the journal Science.
In theory, such transistors could mimic how the human brain operates in that “liquids and currents of ions [would be used] to change materials,” Parkin said, noting that “brains can carry out computing operations a million times more efficiently than silicon-based computers.”
Facebook Goes DRAM
Facebook has come up with a data cache that runs on flash memory instead of DRAM. Dubbed McDipper, it saves money while still delivering higher performance than disk.
The system is a Facebook-built implementation of the popular memcached key-value store; the only difference is that it runs on flash memory rather than pricier DRAM. Memcached is the open-source key-value store that caches frequently accessed data in memory so applications can access and serve it faster than if it were stored on hard disks.
Facebook runs thousands of memcached servers to power its various applications. The only downside is that it is expensive. McDipper can handle working sets that have very large footprints but moderate to low request rates. It provides up to 20 times the capacity per server and still supports tens of thousands of operations per second.
According to Gigaom, Facebook has deployed McDipper for a handful of these workloads. This has reduced the total number of deployed servers in some pools by as much as 90 per cent while still delivering more than 90 per cent of get responses with sub-millisecond latencies.
HP Goes All-In On Tablets
Hewlett-Packard garnered attention at the Mobile World Congress show with its new Slate 7-inch tablet and then the sale of webOS assets, but the company is looking to put past distractions behind it and will release more tablets in the future, the company said.
“You can expect going forward [to release] a family of products,” said Shane Wall, chief technology officer at Hewlett-Packard’s mobility group, in an interview at MWC. The mobility trade show is being held in Barcelona from Feb. 25 to 28.
The 7-inch tablet attracted a small crowd at the HP booth, with people lining up to photograph or use the device. The company effectively took a dive into the low-cost tablet market and tried to differentiate its tablet by a lower price, as well as features like a micro-SD card slot for expandable storage and dual cameras. Google’s $199 Nexus 7 is priced higher and has a quad-core processor, a higher-resolution screen and Android 4.2, but HP believes it will sell a lot of the tablets at the $169 price.
“We’re obviously late,” Wall said. “We wanted to start and see how aggressive we can be on the low end.”
The Slate 7 also signifies HP’s re-entry into the consumer tablet market after a disastrous stint with the webOS mobile operating system, which it got with the acquisition of Palm in 2010 for $1.2 billion. The first webOS tablet, the TouchPad, was launched in 2011, but later discontinued along with webOS smartphones. Since then HP has released enterprise tablets such as ElitePad 900 with Windows 8, and now the company has adopted Android for consumer tablets.